CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: General Discussions: Internet Security:
GET/POST Method value hiding

 



santhosh_89
Novice

Mar 4, 2009, 3:34 AM

Post #1 of 5 (26309 views)
GET/POST Method value hiding Can't Post

We have a lot of software to get the post/get methods value in HTML,
Example The Get method values are visible in address bar,we can get the post method value by tamper data(Add ons) software,It is a one of the hacking mechanism,How Can i prevent my code,Some hacker can change the get and post method value through firebug.I wanted to hide my source code,What should i do.


gnix
Novice

Mar 4, 2009, 6:22 AM

Post #2 of 5 (26305 views)
Re: [santhosh_89] GET/POST Method value hiding [In reply to] Can't Post

You can not hide your html or be sure that the GET and POST request has been realy sent by your html page. The only way to be more secure is to parse all the data that your Web application will read (GET, POST, Cookies, etc.).

gnix


santhosh_89
Novice

Mar 4, 2009, 8:04 PM

Post #3 of 5 (26298 views)
Re: [gnix] GET/POST Method value hiding [In reply to] Can't Post

Ok,Suppose you are going to create a banking interface,When you are validating the user and password we must use post method for passing the values to next page,If I launch tamper data add-ons ,I could see your secret password in this application even post method,I can see your user name and secret password when you are logging in the banking
interface,Here there is no security,other can misuse my resource,
Some ways may be there,


FishMonger
Veteran / Moderator

Mar 4, 2009, 8:12 PM

Post #4 of 5 (26295 views)
Re: [santhosh_89] GET/POST Method value hiding [In reply to] Can't Post

http://en.wikipedia.org/wiki/Secure_Sockets_Layer

http://www.google.com/search?q=pci+compliance&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a


KevinR
Veteran


Mar 4, 2009, 9:39 PM

Post #5 of 5 (26290 views)
Re: [santhosh_89] GET/POST Method value hiding [In reply to] Can't Post


In Reply To
Ok,Suppose you are going to create a banking interface,When you are validating the user and password we must use post method for passing the values to next page,If I launch tamper data add-ons ,I could see your secret password in this application even post method,I can see your user name and secret password when you are logging in the banking
interface,Here there is no security,other can misuse my resource,
Some ways may be there,


Any bank stupid enough not to use https to send sensitive data over the internet will soon be out of business.
-------------------------------------------------

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives