passing form data - post method

[davidrobin]

when using the post method the form data is passed in the http header, is it possible this information can be accessed by someone using a protocol analyser to retrieve the password. I am trying to find a database login method.

Code:

<%@ Language=VBScript %>
<%option explicit%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY>
<H1>ASP FORM DEMO</H1>
<form name="userinfo" ACTION="maininfo.asp" METHOD="post">
<H2>Please fill in the following form</H2>
<PRE>
Name  <INPUT type="text" name="uname">
email <INPUT type="text" name="password">

</PRE>
<INPUT type="reset" value="Reset" id=reset1 name=reset1>
<INPUT type="submit" value="Submit" id=submit1 name=submit1>
</form>
</BODY>
</HTML>

[pnj]

why use post?

[davidrobin]

I don't want to use the get method of the form because that will pass the form information as part of the Url. I want to find a way of connecting to a database server where the user enters their username and password and their details not be breached by any third party. The problem I have is the IIS server and SQL server are on different network servers and NT4 will not pass security information across the network. I believe this is corrected in windows 2000. Hopefully then I will be able to use integrated security where the details that the user logs into their workstation with will be securely passed to the SQL/IIS servers and the user will not have to enter their details any extra times than the initial NT authenticated login.

[pnj]

I'm not really the right person to answer your question but I do know that if someone really wants to get
your password over an intranet they can. packet sniffers are really good for this sort of thing.

sorry i can't help you more