In my PHP application, I encode the password and it is passed in a random encrypted form with every request, but if I copy a previous encrypted password and paste it into another user's request, it logs in. I have tested this in the Burp Suite application.

How can I solve the above problem? Please, can anyone help me out?

Thanks in advance.

P kumar
    Possible duplicate of [How to use password\_hash](http://stackoverflow.com/questions/30279321/how-to-use-password-hash) – Luis Sieira Dec 02 '16 at 09:30

1 Answer

Usually it is not recommended to send the password for every request. This is a typical case for a session, or for an authentication service. Both generate a random token, which can be sent instead of the original password.

martinstoeckli
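A sketch of the session approach the answer describes, added here as an example and not code from the question or the answer: the password is checked once at login, and later requests carry only the random session ID, which is rotated at login and expires when idle, so a password value captured from an earlier request is never accepted again as a credential. The user store, the field names `name` and `password`, the 15-minute idle limit and the HTTPS deployment are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample user store; a real application reads the hash from its database.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,      // cookie not readable from JavaScript
        'secure'   => true,      // assumption: the site is served over HTTPS
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Verify the password once, then bind the identity to a fresh session ID.
function login(array $users, string $name, string $password): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // drop any pre-login session ID
    $_SESSION['user'] = $name;
    $_SESSION['last_seen'] = time();
    return true;
}

// Every other request is authenticated by the session alone, never by a password.
function current_user(int $idleLimit = 900): ?string
{
    if (!isset($_SESSION['user'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > $idleLimit) {
        $_SESSION = [];
        session_destroy();       // idle sessions stop being valid
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user'];
}

start_secure_session();
$name = $_POST['name'] ?? null;
$pass = $_POST['password'] ?? null;
if (is_string($name) && is_string($pass) && !login($users, $name, $pass)) {
    http_response_code(401);
    exit('Invalid credentials');
}
$user = current_user();
echo $user === null ? 'Please log in' : 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```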