Comments for: hillel_aftel20070510
Message # 1509995:
Date: 05/15/07 14:32
By: Hillel Aftel
Subject: RE: GET-variables

In reply to "Professional Developer": You're correct in that user-submitted data will still be transferred insecurely, and you're also correct in suggesting that sensitive data should be transferred via POST and/or HTTPS. This technique is only meant to obfuscate GET query strings so that they aren't displayed in the client browser's address line, which would occur with GET requests even when HTTPS is used. There are times when GET requests are simply more practical than POST, for data that is not necessarily sensitive enough to warrant HTTPS and POST, but that you might still not want to display for everyone to see. This is easiest to understand in situations where the query string is used only to set a flag, or to tell the receiving page something about how the page is to be handled or displayed; in other words, things that are not necessarily user-submitted data, but rather, things that reveal the inner workings of your web application, which you might not necessarily want to reveal. This technique simply helps eliminate the tradeoff of convenience to security when query strings are in use in any given web app.
Comments:
| Error in script | Scott | 05/20/08 11:45 |
| want to develop a job portal form | wasim | 01/14/08 07:59 |
| RE: GET-variables | mpb | 06/18/07 12:28 |
| RE: GET-variables | Hillel Aftel | 06/13/07 14:17 |
| RE: GET-variables | greybold | 06/06/07 22:45 |
| RE: GET-variables | Hillel Aftel | 05/21/07 13:38 |
| RE: GET-variables | Eugene Wee | 05/16/07 03:06 |
| RE: GET-variables | Hillel Aftel | 05/15/07 14:32 |
| RE: GET-variables | Hillel Aftel | 05/13/07 20:57 |
| RE: GET-variables | Professional Developer | 05/12/07 12:24 |
| GET-variables | Thijs | 05/11/07 14:10 |


