Authored by: cjk fossman on Sunday, May 05 2013 @ 02:02 PM EDT
If you're putting the password on the URL query string,
you're effectively making it public.

Suppose, for example, you have the password in the query
string and you subscribe to Google Analytics. The entire
query string will go to Google, including the password.
Same thing happens if your web page downloads a script or
CSS from a third-party provider.

As the owner of a web site, you have further put your users
at risk by causing their passwords to be saved in their
browsing history.

Sending the password on the query string is about as secure
as painting a picture of a lock on your door. A programmer
who does this or a web site owner who allows it is negligent
and should be treated as such. Some jurisdictions have
attractive nuisance statutes. A web site with this level of
protection qualifies.

All of this is not to mention the ambiguity of having a
variable named 'pw' in the query string and expecting a user
to know it means 'password.' If you're going to punish
people for doing things, you're obligated to make clear that
the act is punishable. Using 'pw' to stand for 'password'
does not meet that requirement.

Basic authentication is a little bit better, because then
the bad guy has to know how to put together a request
header. Not much more effective than putting it in the GET,
but it does signify an intent. Here we know for sure that
the user knows there is some level of password protection.

I guess this level of protection is OK if you, as a website
owner, know that the users won't be putting sensitive data
on the site. Otherwise you join the ranks of the negligent.

And if you're storing sensitive information, sending
passwords in plain text is not sufficient. And if you think
encryption alone is sufficient protection, please post the
URLs of websites you own or have written so I can avoid
them.
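The exposure described in the comment above can be audited from a site's own access logs. The following is an added example, not part of the original comment: it flags and redacts credential parameters that show up in the request URL or in the Referer field, and shows that a Basic authentication header is base64 encoding, not encryption. The parameter-name list, the Combined Log Format layout and the sample log lines are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed credential parameter names; 'pw' is the one named in the comment.
SENSITIVE = {"pw", "pass", "passwd", "password", "pwd", "token"}
# Combined Log Format: "METHOD target PROTO" status size "referer" ...
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

def redact_url(url):
    """Return (redacted_url, names of credential parameters found)."""
    parts = urlsplit(url)
    found, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        kept.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), found

def scan(lines):
    """Yield (line_no, field, param, redacted_url) per credential seen in a URL."""
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        for field in ("target", "referer"):
            redacted, found = redact_url(m.group(field))
            for name in found:
                yield n, field, name, redacted

def decode_basic(header_value):
    """Recover (user, password) from a Basic Authorization header value."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password

# Constructed sample log lines (not from any real site).
SAMPLE = [
    '203.0.113.5 - - [05/May/2013:14:02:00 -0400] "GET /login?user=alice&pw=hunter2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/May/2013:14:02:01 -0400] "GET /static/site.css HTTP/1.1" 200 90 "https://example.test/account?pw=hunter2" "Mozilla/5.0"',
    '203.0.113.9 - - [05/May/2013:14:02:02 -0400] "GET /about HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The second sample line stands for the log of whichever server receives the stylesheet request: the password arrives there in the Referer field even though the requested URL itself is clean.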