Wednesday, 14 August 2013

Prevent Password being sent over HTTP GET

I have come across a strange requirement during a security review where I
have to prevent the username and password from being sent over HTTP GET in
ASP.NET Web Forms.
The scenario is like this.
We have a login form with user name and password. On the client side, if we
change the form method to GET using any tool, then the user name and password
will be sent as a query string, and the user is able to log in if the
credentials are valid.
How can we prevent the username and password from being sent over HTTP GET in
ASP.NET Web Forms?
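
One server-side check for the scenario described above, as an added example (not code from the original post): the login page refuses any postback that did not arrive as an HTTP POST. The page name `Login.aspx`, the control names `txtUser`, `txtPassword`, `lblError` and `btnLogin`, and a configured membership provider are assumptions.

```csharp
// Added example: code-behind for a hypothetical Login.aspx.
// txtUser, txtPassword, lblError and btnLogin are assumed control names;
// Membership.ValidateUser assumes a membership provider is configured.
using System;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    private bool IsHttpPost()
    {
        return string.Equals(Request.HttpMethod, "POST",
                             StringComparison.OrdinalIgnoreCase);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // Web Forms treats a GET whose query string carries the postback
        // fields (__VIEWSTATE / __EVENTTARGET) as a postback and fills the
        // controls from the URL. A plain GET that only displays the form
        // is not a postback and is still allowed.
        if (IsPostBack && !IsHttpPost())
        {
            Response.StatusCode = 400;
            Response.StatusDescription = "Login must be submitted with POST";
            Response.End(); // ends the request before btnLogin_Click can run
        }
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Defence in depth: never validate credentials outside a POST.
        if (!IsHttpPost())
        {
            return;
        }

        if (Membership.ValidateUser(txtUser.Text, txtPassword.Text))
        {
            FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false);
        }
        else
        {
            lblError.Text = "Invalid user name or password.";
        }
    }
}
```

The server can only refuse to act on such a request; once a client has sent the form as GET, the credentials are already in the URL and can end up in server logs and browser history.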
