[EMAIL PROTECTED] wrote:
Hi Bob,
I agree using POSTs rather than GETs is better practice for most
forms, but there is little effect on security.
in general, i agree. there is no subsitute for transport layer
encryption. but it still makes sense not to GET passwords.
to me, querystrings are part of the metadata and POST bodies are part of
the data. not reading the former is nearly impossible when you're a man
in the middle, reading (and logging!) the latter requires effort and bad
intent.
take proxies or load balancers. your GET data *will* be cached and
logged in odd places out there.
i don't agree that server-side logging is not an issue either: granted,
in an ideal world, all logs are only readable by one user and properly
chmodded. on my planet, that's simply not the case.
a third issue is browser caching: of course, most browsers cache form
data nowadays. but they do protect passwords if the user wants them to.
if it's in the "history" or favourites list, every attacker can harvest
them locally even if the user has set a master passwort for his/her form
cache.
plus the goal is to make it hard for people glancing over the user's
shoulder. what's the point of annoying the user with a row of asterisks
in the login form (which leads to typos) when we display the data in
cleartext in the addressbar afterwards?
--
Jörn Nettingsmeier
Kurt is up in heaven now.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
