This content has been marked as final. Show 2 replies
If your page sends the credentials to the server using the GET method, you're already doing it wrong. You already have that security exposure. So you shouldn't be able to do that anyway.
The only secure way to do this is to have the page use the POST method and to be submitted via SSL. As for having other pages which contain the credentials so that the user doesn't have to key them, it should be obvious that then you have the credentials in the HTML. Bad idea.