Whew! Ok with that protocol warning out of the way, on to the resource issues!

> I do allow customers to pre-load field values to a form. Someone tried doing this with one of my pages using POST and they report that the fields have the variables loaded but the css and javascript do not load on their end.

Here's the scenario I think you're describing: A page is loaded with a blank form for the user to complete. If the server knows the user, you provide a link feature whereby the page can be loaded again, this time with the "value" attributes of the form tag populated with values from the database.

Is that an accurate description?
Is it the election of this link feature which is made via the POST method & https?
This is where the css/js resources are not loaded by the browser?
You change the protocol to GET, and the resources are loaded OK?

If all the above is true, then I would theorize that your main page request is being made via https, while the source links in the tags for your js and css files are still coded in http. Some customer browsers are set NOT to load insecure resources for a securely submitted form.
That's my guess.

Al
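
A check for the mismatch described above, as an added example that is not part of the original message: it parses a page's HTML and reports subresources that resolve to plain http when the page itself is served over https. The page URL, host names and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Scripts, stylesheets and frames are "active" mixed content, which browsers
# refuse to load on an https page; images and media are "passive".
SRC_TAGS = {"script": "active", "iframe": "active",
            "img": "passive", "audio": "passive", "video": "passive"}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url   # relative references resolve against this
        self.findings = []     # (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "base" and a.get("href"):
            # A <base href="http://..."> downgrades every relative URL after it.
            self.base = urljoin(self.base, a["href"])
        elif tag == "link":
            if "stylesheet" in a.get("rel", "").lower().split() and a.get("href"):
                self._check("active", tag, a["href"])
        elif tag in SRC_TAGS and a.get("src"):
            self._check(SRC_TAGS[tag], tag, a["src"])

    def _check(self, kind, tag, ref):
        # urljoin resolves relative and protocol-relative (//host/x) references.
        url = urljoin(self.base, ref.strip())
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))


def find_mixed_content(page_url, html):
    """Return http subresources referenced by a page served from page_url."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only arises on pages loaded over https
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page (hypothetical hosts and paths).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://www.example.com/css/form.css">
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.example.com/lib.js"></script>
<script src="http://www.example.com/js/validate.js"></script>
</head><body><form method="post" action="/order">
<img src="http://www.example.com/logo.png"></form></body></html>"""
```

Any "active" finding corresponds to a stylesheet or script the browser will not load when the form page is requested over https.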


On 7/29/2014 6:21 AM, John Moss wrote:
In principle yes. All of these requests are handled via https. Server logs however will log GET requests so a credit card number included in a GET request will be logged in clear-text in a server log somewhere. (I've seen this.)
For this reason a POST is more secure than a GET if you are sending sensitive information.

Thanks guys,
John Moss


On Monday, July 28, 2014 9:51:27 PM UTC-6, forcesofindia.com wrote:
+1

Nitish

From: 'Alan Holden' via Open BlueDragon
Sent: 29-07-2014 07:08
To: [email protected]
Subject: Re: [OpenBD] Re: Loading a form using POST

+1 to Dennis' response.

The difference between GET and POST is the method by which the variables are sent. GET uses the query string portion of the URL, so they are visible to the browser operator (the same person conceptually holding the credit card). So hiding it there merely gives a perception of security.

The real security issue is - POST or GET - sending data over the network via plain http - where people you don't even know can read it, and not with a browser. You're using https to transmit credit card numbers, right?

Al

On 7/28/2014 4:21 PM, Halo Maps wrote:

>> They wanted to do this because they want to send credit card numbers
>> (and other sensitive stuff) and GET is not as secure as POST for this.
>> (I agree with this, by the way.)

GET or POST, unless it's encrypted, both have the same security standing. One is just more visible to the user than the other.

Dennis Powers
UXB Internet - A website Design and Hosting Company
P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844
W: http://www.uxbinternet.com
W: http://www.ctbusinesslist.com

--
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en

---
You received this message because you are subscribed to the Google Groups "Open BlueDragon" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openbd+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
