is there any 'safe' way to get a password from the form to the (php) script?
I read a 'password' box doesn't really encrypt, just simply places asterisks instead of letters (providing a false feeling of security).

Also, is it safe (if there's only one login & pass) to store the username and password in the PHP file?

Originally posted by Cheap Bastard
is there any 'safe' way to get a password from the form to the (php) script?
I read a 'password' box doesn't really encrypt, just simply places asterisks instead of letters (providing a false feeling of security).

Also, is it safe (if there's only one login & pass) to store the username and password in the PHP file?

You read right. All it does is hide it from viewing...the only 'safe' way would be using a SSL connection.

Should be safe, as long as your server is properly set up....a site I used to visit had a server malfunction that lost the php file type, which meant when you went to a php page, it let you download the file instead of processing, meaning you could view the source code....however, barring something like that, your php source should be perfectly safe (and your pass along with it)

wouldn't SSL be a little overdone for a simple counter log?
or a bulleting board... or any php script except one handling CC info?

Yes, the ***** aren't secure. I've seen programs that remove the stars so that all of your passwords show up as normal text.

so have i

but i don't think they're getting stored, which is (also) what i was hinting at...

Originally posted by Cheap Bastard
wouldn't SSL be a little overdone for a simple counter log?
or a bulleting board... or any php script except one handling CC info?

Definitely it would...there's no need for that kind of security just for that. You asked what was "safe"...that's the closest to safe as there is...for what you're doing, there's no real risk with the password box...

If you pass the password and username to the script using POST you will come a great step.