"Diez B. Roggisch" <de...@nospam.web.de> writes: > If somebody happens to have access to a proxy & it's logs, he can as > well log the request body.
I'm not talking about a malicious server operator. In this situation, I was the server operator and I didn't want to be recording the conversations. I had to go out of my way to stop the recording. SSL doesn't help and in fact I was using it, but web server logging happens after the SSL layer. I suppose SSL would help against a malicious proxy. Many people back in those days (before AJAX became a buzzword du jour) wanted to do encryption on the client in java or javascript, but that was almost unworkably kludgy, and SSL was the only approach that made any sense. It might be easier now that the javascript API's are richer and the interpreters are faster. -- http://mail.python.org/mailman/listinfo/python-list
