I regularly use the standard form to send login information through the HTTP POST method, and then check it with php to verify the data is correct. I use the md5 hash for passwords (and sometimes for usernames) to provide some degree of security, so I donβt store the raw password in my code if it is viewed by an unauthorized person or something like that.
I am pretty sure that I just did someone, even dimly understanding the groan of security or, at least, sighing with annoyance.
I recently worked on a forum with a MySQL database for users and passwords, the passwords are stored in the form of md5 hashes, but I'm worried that when sending the login form via HTTP POST the ability to intercept information there. I know about the capabilities of MySQL attacks and I think that I am safe from any simple attacks.
I'm not a security expert when it comes to this, but I would like to limit the ability to intercept passwords when sending over HTTP.
This is not a big site, so I donβt worry too much about attacks, and HTTPS is not really an opportunity, so Iβm looking for advice on standard practices that I should follow when using this method of sending login information.
Greetings
source
share