0

I'm trying to make a login script in PHP, however a user will signup/login via a C# program.

For obvious reasons I don't want to use GET, but I don't want to make forms and use POST either.

How should I (securely) send data over?

This is only a proof of concept so there isn't any SSL on my website/etc, so there's no extra loops to jump through.

Just so nobody's confused:

Web-based login will be made in PHP, and data will be sent to the website via a program made in C#

Jon
  • 2,566
  • 6
  • 32
  • 52
  • `POST` and `GET` are fundamental parts of HTTP. Have you looked into REST or SOAP? – Robert Dundon Sep 27 '13 at 03:57
  • 2
    You can send data to a website without using a web browser, and without having to create forms. This is true for both `GET` and `POST` queries. And if you're going to use C# as an interface, the difference between `GET` and `POST` is trivial -- both are sent wide open in plaintext. So there's no "for obvious reasons" here. If you want security, read up on certificates and PKI -- easily implementable with C# libraries. – jedwards Sep 27 '13 at 04:02
  • "isn't any SSL on my website, so there's no extra loops to jump through" - it is exactly opposite - SSL is well known and widely available mechanism to send data over secure channel. If you want to get similar level of security you'll have to read/code a lot... – Alexei Levenkov Sep 27 '13 at 04:35
  • There's a handy mnemonic device for using well-known and widely tested cryptographic tools instead of making ones up from scratch: . – dig Apr 04 '18 at 03:56
  • @dig that's not what I was trying to do (five years ago when this question was asked). I was asking the best way to transmit data without a lot of work, and without leaving passwords in an access.log somewhere. Although, this question is nonsense the way I asked it (I think I was asking if there was something as simple as GET that did not leave traces anywhere, like POST). – Jon Apr 04 '18 at 05:00

3 Answers3

0

You have to use GET or POST to submit your form data back to the PHP page. There is no way around that.

Once your PHP code has it on the backend you can do whatever you want to get it to the C# program.

Using a POST would eliminate items being added to the query string like GET does and of course doing it over HTTPS would make it more secure.

Welsh
  • 5,138
  • 3
  • 29
  • 43
0

The only way to be secure is to use https:. You can look at client-side encryption, but that involves private/public keys - https will be easier.

Client side is HTML/JCSS/Javascript. If you want a user to enter ID annd password then you will have forms, and GET or POST is what you will use. Even if you wrap it up in AJAX, it will still be the same.

Go and think this through, and come back with a proper question. Telepathy isn't sufficiently reliable for your needs. Yet.

0

I'm not quite sure I understand correctly but what I understood was you want to send the login via a C# program. In that case check this question: HTTP request with post.

If however you want to send the data via the webpage, without having a form. You'd need to make the POST request via javascript.

Any of both methods require POST requests, even though you don't use forms.

Community
  • 1
  • 1
dajavax
  • 3,060
  • 1
  • 14
  • 14