I have a link on my page which will open another website by means of a return window.open( . this website is an shop which provided me to buy and eventually get an xml for the others. If i log in to the site i go to www.thewebsiteoftheshop.com/basket?username=user1&password=test
then the user can see the password in the url,
the first problem is: I have a database where is store the username and password which i will later put with variables in the url for username and password. I know have inserted the username and password, with the password as Md5. put if i know select these data from the database it will give me the hashed password and then the link won't work.
but the second problem is: I don't want the user to see or retrieve the password
I thought of, just putting this page(where the link is) on a secure page with login. But the only problem is that if i put the password not hashed but as a normal string in my database, that maybe someone from outside can get the password. So this will be risky.