Is it possible to safely include a password in a query string for a c# asp.net site. Few assumptions and things I know - [*]The site does not and will not have links/images/javascript/analytics to/from other sites. So no referrer links to worry about. [*]ALL communication with the web browser will be over https.[*]I know that the query string will remain in the history of thecomputer.[*]More than just the password/username is needed to login. So simplypasting the url back into the browser will not result in a login.I know the site may be susceptible to cross site scripting and replay attacks. How do I mitigate these? Given the above scenario, how should I include a password in a query string? Please don't ask me 'why', I know this is not a good idea, but it is what the client wants.
How to safely include password in query string
- Thread starter thougsTuh
- Start date