2

I'm implementing a SMS verification system. this system is provided by a third party company. it can be done by using both GET and POST. that both works perfectly.

Using get:

http://srviceprovider.com/sms.aspx?text=SomeText&To=ReceiverPhoneNumber&from=SenderPhoneNumber&username=MyUserName&Password=MyPassword

that is simply giving out my credentials

and the second way the provider show in its example is:

Post using:

Response.Write();

this looks better than the first one. but still one can access the username and password. I was wondering if there is a way to post data from server (not client side) and may be using sql queries.

Improve this question

1 Answer 1

Reset to default
1
  1. Use SSL communication. Google it.
  2. You should not be sending or even storing plain passwords in your database. It must be encrypted everwhere using some encryption algotithm like SHA. For eg. Password abc will be encrypted and saved as 123. Password can be encrypted at the client side itself and then sent to the server. Even if anyone sees the password value (123) in the string or in the database table he would not be able to use it in the password box because the encrypted value of 123 will be something else like xyz. Read more about SHA algorithms and you will yourself get to know everything. Cheers and all the best !

As per my understanding you wish to post to a webserver but not from your client side. You can make use of WebRequest class (at server side) to post data to the 3rd party's web server. Futher if you wish to make the entire process aynchronous you can make use of Win Services/WCF Services to post data on some web server. Here you will first just update the fields/flags in the db tables using queries fired from the client side. Next your win/wcf service will pick those records from the tables, form the required query and finally will POST it on some web server. For more information on WebRequest class you can go through this link.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

yes, i know this and i myself use salted hashed passwords. as I said this is a third party company and i have to send the password as it is. and i don't have access to change it.
I misinterpreted your question, I edited my answer. Hope it helps.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.