Eric Roberts wrote: > What does that have to do with a site that is online? That's a pretty bad > excuse, in my opinion, to just leave it wide open to the world...the > information you give management should suffice. If they don't trust what > you have to say, what's the point in having you as an employee...they did > hire you for your expertise. That would be like setting up a wireless > network and not using wep to start out with and just leaving it open because > your WPA-PSK server isn't set up yet.
WPA-PSK doesn't use a server, WPA enterprise does. > My main issue is that it creates ugly urls. Beauty is in the eye of the beholder. I find it very convenient and not ugly at all that I can deep link to Google and immediately show what the search string is in the URL itself. > You ever try and paste one of > those in an email? Most of them wrap the text and that doesn't get included > in the link the email program produces. An attractive site is part of the > game we play here...urls included. You are comparing apples and oranges. A URL that has a quey string carries more information then a URL without the query string. In your example, if people were to paste the URL from the form post that extra information would be missing. People would be confronted with a page that said "Form variable not found" and end up at the wrong place. And if you have a problem with your e-mail client you should pick a different one. > Obscurity is small bit of security in that it does keep the honest folks > honest. Even people that know what they are doing would at least have to > take some action to find the values. Putting it all in the url is doing > their job for them. I wouldn't transfer bank accounts or credit cards with > just this alone...I definitely wouldn't do it, even encrypted, in a url at > any time. I wouldn't either. Not for the security reasons you mention, but because a GET signifies that there are no consequences if the request is repeated X times (GET is idempotent). Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271485 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
