Results 1 to 10 of 10

Thread: Encryption on a get method

  1. Feb 8th, 2008, 11:28 AM #1
    thamizhinpan
    thamizhinpan is offline

    Thread Starter
    Addicted Member thamizhinpan's Avatar
    Join Date
    Dec 2005
    Location
    TE
    Posts
    243

    Encryption on a get method

    Can I submit data with encryption on a get method form?
    If above question or answer will help to you
    Don't forget to rate me
    தமிழ்இன்பன்
    Reply With Quote Reply With Quote
  2. Feb 9th, 2008, 02:59 AM #2
    penagate
    penagate is offline
    I'm about to be a PowerPoster!
    Join Date
    Jan 2005
    Location
    Everywhere
    Posts
    13,647

    Re: Encryption on a get method

    Yes if your form target is specified to use HTTPS.

    PHP Code:
    <form method="GET" action="https://example.com/somewhere"
    Reply With Quote Reply With Quote
  3. Feb 15th, 2008, 09:11 AM #3
    manavo11
    manavo11 is offline
    Super Moderator manavo11's Avatar
    Join Date
    Nov 2002
    Location
    Around the corner from si_the_geek
    Posts
    7,171

    Re: Encryption on a get method

    What would that do penagate? What's the difference if it uses HTTPS?


    Has someone helped you? Then you can Rate their helpful post.
    Reply With Quote Reply With Quote
  4. Feb 15th, 2008, 08:23 PM #4
    penagate
    penagate is offline
    I'm about to be a PowerPoster!
    Join Date
    Jan 2005
    Location
    Everywhere
    Posts
    13,647

    Re: Encryption on a get method

    The communication is encrypted using SSL.
    Reply With Quote Reply With Quote
  6. Feb 15th, 2008, 08:29 PM #5
    manavo11
    manavo11 is offline
    Super Moderator manavo11's Avatar
    Join Date
    Nov 2002
    Location
    Around the corner from si_the_geek
    Posts
    7,171

    Re: Encryption on a get method

    So the GET parameters don't show?


    Has someone helped you? Then you can Rate their helpful post.
    Reply With Quote Reply With Quote
  7. Feb 15th, 2008, 08:32 PM #6
    penagate
    penagate is offline
    I'm about to be a PowerPoster!
    Join Date
    Jan 2005
    Location
    Everywhere
    Posts
    13,647

    Re: Encryption on a get method

    Well, that is a good point. Since GET parameters are appended to the URL you are better off putting sensitive data in a POST body.
    Reply With Quote Reply With Quote
  8. Feb 19th, 2008, 12:16 PM #7
    thamizhinpan
    thamizhinpan is offline

    Thread Starter
    Addicted Member thamizhinpan's Avatar
    Join Date
    Dec 2005
    Location
    TE
    Posts
    243

    Re: Encryption on a get method

    I know that, But I don't know how to transfer data between 2 pages automatically (Without submitting by user) with post method.
    So I do that
    If above question or answer will help to you
    Don't forget to rate me
    தமிழ்இன்பன்
    Reply With Quote Reply With Quote
  9. Feb 19th, 2008, 02:51 PM #8
    manavo11
    manavo11 is offline
    Super Moderator manavo11's Avatar
    Join Date
    Nov 2002
    Location
    Around the corner from si_the_geek
    Posts
    7,171

    Re: Encryption on a get method

    One way would be to make a form, and then submit it by javascript. Might not be the best way though...


    Has someone helped you? Then you can Rate their helpful post.
    Reply With Quote Reply With Quote
  11. Feb 19th, 2008, 04:53 PM #9
    killer7k
    killer7k is offline
    Fanatic Member
    Join Date
    Jul 2007
    Posts
    530

    Re: Encryption on a get method

    You CANT at least if you use Post method
    Reply With Quote Reply With Quote
  12. Feb 23rd, 2008, 05:34 AM #10
    visualAd
    visualAd is offline
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906

    Re: Encryption on a get method

    You can!!!!!! But I wouldn't recommend it.

    The query string is hidden when making an SSL request so you don't need to worry. Also, you shouldn't be transferring sensitive information back and forth even when it is encrypted; as you can store it in a server side session.

    How SSL works:
    1. A TCP connection on port 443 is first established with the server.
    2. The client says hello. It also sends all its supported ciphers and key exchange protocols.
    3. The sever sends its certificate and the client verifies the certificate and authenticates the server, usually by use of a digital signature.
    4. Upon verification the client and server agree on a key exchange protocol and an encryption cipher.
    5. The server and client exchange the key.
    6. The HTTP request is then encrypted using this key and sent to the server:
      Code:
      GET /index.php?value=secret&value2=versecret HTTP/1.1
Host: www.example.com
    7. When the server receives the encrypted request it uses the agreed key to decrypt it.
    8. The server then encrypts the response with the agreed key and sends it back to the client.


    See, no query string data ever gets seen between the two end points unencrypted. The only visible data are the source and destination IP addresses and the encrypted communications.
    Last edited by visualAd; Feb 23rd, 2008 at 06:09 AM.
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!

    Spread happiness and joy. Rate good posts.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width