On 04.02.10 00:39, Paul Rubin wrote:
> "Diez B. Roggisch"<de...@nospam.web.de>  writes:
>> Of course only information not gathered is really safe
>> information. But every operation that has side-effects is reproducible
>> anyway, and if e.g. your chat-app has a history, you can as well log
>> the parameters.
>
> No I can't.  The chat-app history would be on the client, not the
> server, so I'd have no access to it.  Put another way: as server
> operator, I'm like the owner of a coffee shop.  I can't stop patrons
> from recording their own conversations with each other, and it's not
> even really my business whether they do that.  But it would be
> outrageous for the shop owner to record the conversations of patrons.

Which is the exact thing that happens when you use an email-provider with IMAP. Or Google Wave. Or groups. Or Facebook. Or Twitter. Which I wouldn't call outrageous.

This discussion moves away from the original question: is there anything inherently less secure when using GET vs. POST. There isn't.

Users can forge both kinds of requests easily enough, whoever sits in the middle can access both, and it's at the discretion of the service provider to only save what it needs to. If you don't trust it, don't use it.

Diez
--
http://mail.python.org/mailman/listinfo/python-list