1

Today I try to test my website which build with codeigniter. I try to check that using Wireshark (for network administrator). But in traffic, I still see the username and password login. So maybe any ideas to solve this problem. maybe someone else have this problem too.

Here is my controller 

 public function val()
  {
      $this->form();    
      if($this->form_validation->run()==FALSE)
      {
        $this->load->view('form_login_val');
      }else
      {
       $username = $this->input->post('username');
       $password = $this->input->post('password');

       $cek = $this->m_login->takevalidator($username, $password );
       if($cek <> 0)
            {
              $this->session->set_userdata('validator_status', TRUE);                                  
              redirect('home/validate');
            }
        else
            {
             $this->session->set_flashdata('gagal_login', "Username atau password yang anda masukkan salah.");  
             redirect('reff/val');        
            }
      }  
  }

Thanks

Chris
  • 161
  • 2
  • 10

1 Answers1

3

As has been mentioned in the comments, if you don't want these fields to be sent unencrypted, you must use HTTPS/SSL; on an unencrypted connection, POST is no more secure than GET.

For more details, see this question: How secure is a HTTP POST?

Hatchet
  • 4,880
  • 1
  • 29
  • 42