> Just an FYI, there should be nothing sensitive in an OAuth URI... Which > is a good thing because even under SSL nothing in a querystring is > encrypted.
No. SSL is below the HTTP layer, meaning that the connection has to be set up before the HTTP GET is even sent. Of course, there are other ways to figure it out, such as DNS requests made, etc. -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * [email protected] -- I just love a curious consumer! -- "Ranma 1/2" -----------------------------
