Comments for: hillel_aftel20070510

Message # 1509985:

Date: 05/12/07 12:24
By: Professional Developer
Subject: RE: GET-variables

Unfortunately, this is a misguided idea right from the start. If indeed your application needs to send sensitive data to the server, and you are using plain old HTTP GET requests to accomplish that, then your security model is deeply flawed and sooner or later you will suffer for it. GET requests are meant for non-mutable resources; if user-provided data is to be sent, then a POST request should be used. Furthermore, if this POST request contains sensitive data, then HTTPS should be used. This "character at a time" encoding of GET requests is neither secure nor a good idea, and it encourages a false sense of security.
| Comments: | ||
| Error in script | Scott | 05/20/08 11:45 |
| want to develop a job portal form | wasim | 01/14/08 07:59 |
| RE: GET-variables | mpb | 06/18/07 12:28 |
| RE: GET-variables | Hillel Aftel | 06/13/07 14:17 |
| RE: GET-variables | greybold | 06/06/07 22:45 |
| RE: GET-variables | Hillel Aftel | 05/21/07 13:38 |
| RE: GET-variables | Eugene Wee | 05/16/07 03:06 |
| RE: GET-variables | Hillel Aftel | 05/15/07 14:32 |
| RE: GET-variables | Hillel Aftel | 05/13/07 20:57 |
| RE: GET-variables | Professional Developer | 05/12/07 12:24 |
| GET-variables | Thijs | 05/11/07 14:10 |


