GET/POST Method value hiding



santhosh_89
Novice

Mar 4, 2009, 3:34 AM


Views: 45316
GET/POST Method value hiding

We have a lot of software to get the POST/GET method values in HTML. For example, the GET method values are visible in the address bar, and we can get the POST method values with the Tamper Data (add-on) software. It is one of the hacking mechanisms. How can I protect my code? Some hacker can change the GET and POST method values through Firebug. I wanted to hide my source code. What should I do?


gnix
Novice

Mar 4, 2009, 6:22 AM


Views: 45312
Re: [santhosh_89] GET/POST Method value hiding

You cannot hide your HTML or be sure that the GET and POST requests have really been sent by your HTML page. The only way to be more secure is to parse all the data that your Web application will read (GET, POST, Cookies, etc.).

gnix
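
The server-side checking described in the reply above, as an added example that is not part of the original thread. The field names, the key and the sample submissions are constructed; the example goes one step beyond the post by tagging a server-issued hidden value with an HMAC so that a value changed in the browser is detected.

```python
import hashlib
import hmac
import re

# Assumption: per-deployment secret kept on the server only (constructed value).
SERVER_KEY = b"constructed-demo-key-not-for-production"

# Allow-list of fields the handler accepts, with a strict pattern for each.
FIELD_RULES = {
    "to_account": re.compile(r"[0-9]{8,12}"),
    "amount": re.compile(r"[0-9]{1,6}(\.[0-9]{2})?"),
    "fee": re.compile(r"[0-9]{1,3}\.[0-9]{2}"),
    "fee_sig": re.compile(r"[0-9a-f]{64}"),
}


def sign(value: str) -> str:
    """HMAC tag the server attaches to a value it sends out in a hidden field."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def validate_transfer(params: dict) -> tuple:
    """Return (clean_values, errors) for a submitted transfer form."""
    errors = []
    # Reject anything the form never defined instead of silently ignoring it.
    for name in sorted(set(params) - set(FIELD_RULES)):
        errors.append(f"unexpected field: {name}")
    clean = {}
    for name, rule in FIELD_RULES.items():
        value = params.get(name)
        if not isinstance(value, str) or not rule.fullmatch(value):
            errors.append(f"invalid or missing field: {name}")
        else:
            clean[name] = value
    # The fee came from the server; a changed value no longer matches its tag.
    if "fee" in clean and "fee_sig" in clean:
        if not hmac.compare_digest(sign(clean["fee"]), clean["fee_sig"]):
            errors.append("fee was modified by the client")
    return (clean if not errors else {}), errors


# Constructed sample submissions: one untouched, one edited in the browser.
honest = {"to_account": "12345678", "amount": "250.00",
          "fee": "1.50", "fee_sig": sign("1.50")}
tampered = dict(honest, fee="0.00", is_admin="1")

if __name__ == "__main__":
    print(validate_transfer(honest))
    print(validate_transfer(tampered))
```

Where the server can recompute a value such as the fee itself, doing so is simpler than sending it through the client at all; the tag is for values that have to make the round trip.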


santhosh_89
Novice

Mar 4, 2009, 8:04 PM


Views: 45305
Re: [gnix] GET/POST Method value hiding

OK, suppose you are going to create a banking interface. When you are validating the user and password, we must use the POST method for passing the values to the next page. If I launch the Tamper Data add-on, I can see your secret password in this application, even with the POST method. I can see your user name and secret password when you are logging in to the banking interface. Here there is no security; others can misuse my resource. There may be some ways.


FishMonger
Veteran / Moderator

Mar 4, 2009, 8:12 PM


Views: 45302
Re: [santhosh_89] GET/POST Method value hiding

http://en.wikipedia.org/wiki/Secure_Sockets_Layer

http://www.google.com/search?q=pci+compliance&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a


KevinR
Veteran


Mar 4, 2009, 9:39 PM


Views: 45297
Re: [santhosh_89] GET/POST Method value hiding


In Reply To
OK, suppose you are going to create a banking interface. When you are validating the user and password, we must use the POST method for passing the values to the next page. If I launch the Tamper Data add-on, I can see your secret password in this application, even with the POST method. I can see your user name and secret password when you are logging in to the banking interface. Here there is no security; others can misuse my resource. There may be some ways.


Any bank stupid enough not to use https to send sensitive data over the internet will soon be out of business.