I have some example sending request with file_get_contents() function from PHP to openfire API. Request is like:
file_get_contents("http://localhost:9090/plugin/userService/userservice/?type=add&secret=secret_key&username=username&password=password");
This type of request stores user data into database.
If there's any possible for hacker (user) to hack or track this request and get secret key and password?
I know for better type of sending request but I'm interested if there's a way to hack it.
Thanks.