I have a run of the mill externally hosted website (linux platofmr) with mysql, php technologies installed. I require my C# application to collect data from the website.
I have a MYSQL database on my website and I want to send my username and password in order to access some sensitive data (using a PHP script)
My current design looks something like this:
C# application POSTs to a login.php script on the website.
e.g mywebsite.com/login.php?username=admin?password=MD5HashedPassword
The script generates a blank page with "OK" if the username and password matches that in the database.
Now I think that's probably secure for just logging in, but if I want the login script to generate XML data which would contain sensitive information, I don't believe it's a secure way of doing it. Am I correct in thinking this?
So what direction should I go. Should I have some kind of PHP Session between my application and the website. Is that a straightforward thing to do? Should I drop the use of PHP all together and use a different technology?
Any opinions and suggestions are greatly welcomed.
Many Thanks