OUCH! PLEASE!!!
It's not secure *at all* without encryption (and encryption adds security
only as much as the application which uses it knows what it is doing).
Please don't build applications which pass CC data unencrypted! (access
codes to sensitive data should also be passed in encrypted channels).
Just because you don't see it on your browser window or in the proxy/server
logs doesn't mean it isn't easy for someone to just sniff any network
section between you and the destination server.
Cheers,
--Amos
> -----Original Message-----
> From: Jarec Basham [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 22, 2000 11:43 AM
> To: [EMAIL PROTECTED]
> Subject: Re: GET POST Difference
>
>
> Yes they are. The difference is that POST streams the data rather than
> passing it as text within the header. POST is therefore more secure and
> recommended for things like passwords and credit card details. As far as
> your servlet is concerned the parameters are readily accessible whether
> they are GET or POST.
>
> Jarec
>
> -------------------------------------------------------------------
>
>
> Hi Everybody,
>
> I have a sort of basic doubt in the GET and POST METHODS.
> Well I have an HTML like this and I am calling a servlet with the FORM
> data.
>
> <HTML><TITLE>Form Test</TITLE>
> <BODY>
> <FORM NAME="frmTest" METHOD="GET" ACTION="http://vivin/servlets/TestServlet">
> <INPUT TYPE=TEXT NAME="txtVal" VALUE="Hello World" LENGTH=20>
> <INPUT TYPE=SUBMIT>
> </FORM>
> </BODY>
> </HTML>
>
> When we use METHOD="GET" the values are passed as query string like,
>
> "http://vivin/servlets/TestServlet?txtVal=Hello+World"
>
> So I know how the values are passed to the server. The header request
> from the browser to the server will be like this:
>
> GET /servlets/TestServlet?txtVal=Hello+World HTTP/1.1
> Accept: application/vnd.ms-excel, application/msword,
> application/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg,
> image/pjpeg, */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)
> Host: vivin
> Connection: Keep-Alive
>
>
> But when we use METHOD="POST" the URL is just,
>
> "http://vivin/servlets/TestServlet"
>
> and the request to the server is something like this,
>
> POST /servlets/TestServlet HTTP/1.1
> Accept: application/vnd.ms-excel, application/msword,
> application/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg,
> image/pjpeg, */*
> Accept-Language: en-us
> Content-Type: application/x-www-form-urlencoded
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)
> Host: vivin
> Content-Length: 18
> Connection: Keep-Alive
>
> Now where are the values being passed to the server?
> Are the values passed back to the server at all in a POST method?
>
> Any help is appreciated.
>
> Thanks in advance,
> Vivin.
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
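
An added example (not part of the original messages) that rebuilds both requests for the form quoted above and shows where the field travels: in the request line for GET, and in the body after the blank line for POST, which is why the quoted POST carries Content-Length: 18. The trimmed header set and the function names `build_request` and `parse_request` are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

HOST = "vivin"                      # host and path from the quoted form
PATH = "/servlets/TestServlet"
FIELDS = {"txtVal": "Hello World"}  # the form's single text field


def build_request(method, fields):
    """Raw bytes a browser sends when the form is submitted (headers trimmed)."""
    encoded = urlencode(fields)  # application/x-www-form-urlencoded
    if method == "GET":
        return f"GET {PATH}?{encoded} HTTP/1.1\r\nHost: {HOST}\r\n\r\n".encode("ascii")
    body = encoded.encode("ascii")
    head = (
        f"POST {PATH} HTTP/1.1\r\n"
        f"Host: {HOST}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return head.encode("ascii") + body


def parse_request(raw):
    """Recover (location, fields) from the raw bytes, with no key needed.

    The server does this, and so can anything that sees the bytes of a
    plain-HTTP connection.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if method == "POST":
        length = int(headers.get("content-length", "0"))
        return "body", parse_qs(body[:length].decode("ascii"))
    return "request line", parse_qs(urlsplit(target).query)


if __name__ == "__main__":
    for method in ("GET", "POST"):
        raw = build_request(method, FIELDS)
        print(raw.decode("ascii"))
        print("->", parse_request(raw), "\n")
```

Both requests yield the same field from the bytes on the wire; only the position differs, so the choice of method does not stand in for an encrypted channel.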