--- John Brooking <[EMAIL PROTECTED]> wrote:
> So
> really, POST variables are no more secure than GET
> variables, it just takes a little more doing to fake
> them.

Side note (without really reading the rest of the thread :)

The reason that many people think POST is more secure than GET is because POST data does not show up on the Web server's access logs. Thus, if someone is submitting password information via GET, even over SSL, anyone with access to the access logs can see the password. Here's how this might look on Apache:

127.0.0.1 - - [31/Oct/2001:08:52:14 -0800] "GET /cgi-bin/test.cgi?name=Ovid&password=youwish HTTP/1.1" 200 633

Here's a typical POST request, one which *did* have data sent:

127.0.0.1 - - [20/Nov/2001:17:07:43 -0800] "POST /cgi-bin/test.cgi HTTP/1.1" 200 462

Since POST data is read from STDIN, it's typically not ever stored on disk unless the programmer handles that.

Cheers,
Curtis "Ovid" Poe

=====
"Ovid" on http://www.perlmonks.org/
Someone asked me how to count to 10 in Perl:
push@A,$_ for reverse q.e...q.n.;for(@A){$_=unpack(q|c|,$_);@a=split//;
shift@a;shift@a if $a[$[]eq$[;$_=join q||,@a};print $_,$/for reverse @A
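
An added example, not part of the original message: a small Python audit that parses Apache Common Log Format lines, reports requests whose query string carries a credential-like parameter, and produces a redacted copy of the line. The two sample lines are the ones quoted in the message above; the `SENSITIVE` name list and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Apache Common Log Format:
# host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)$')

# Assumed list of parameter names that should never reach a log file.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# The two access-log lines quoted in the message above.
SAMPLE = [
    '127.0.0.1 - - [31/Oct/2001:08:52:14 -0800] '
    '"GET /cgi-bin/test.cgi?name=Ovid&password=youwish HTTP/1.1" 200 633',
    '127.0.0.1 - - [20/Nov/2001:17:07:43 -0800] '
    '"POST /cgi-bin/test.cgi HTTP/1.1" 200 462',
]

def audit_line(line):
    """Return (method, path, leaked_names, redacted_line), or None if unparseable."""
    line = line.strip()
    m = CLF.match(line)
    if not m:
        return None
    method, target = m.group(3), m.group(4)
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [k for k, _ in pairs if k.lower() in SENSITIVE]
    # Rebuild the query string with sensitive values masked.
    masked = urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    )
    safe_target = parts.path + ("?" + masked if masked else "")
    return method, parts.path, leaked, line.replace(target, safe_target, 1)

def audit(lines):
    """Return only the parsed entries that exposed a sensitive parameter."""
    parsed = (audit_line(l) for l in lines)
    return [p for p in parsed if p and p[2]]

if __name__ == "__main__":
    for method, path, leaked, redacted in audit(SAMPLE):
        print(f"{method} {path} logged: {', '.join(leaked)}")
        print("  redacted:", redacted)
```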