Chris,

Chris Pratt wrote:
> On 9/7/07, Dave Newton <[EMAIL PROTECTED]> wrote:
>> --- Christopher Schultz wrote:
>>> Who really cares whether the URL is long or not?
>>
>> People who have a URL longer than some browsers will
>> accept?
> 
> Also, it is sometimes considered a security risk to have certain
> information displayed in the URL bar for all to see.

Anything you don't want the user to see and/or modify shouldn't be sent
by the browser. If you need secure state-carrying information to go from
the server back to the client and back to the server, then encrypt it.
If you're going that far, compress it and encrypt it, and you'll have a
smaller URL ;)

Switching from GET to POST solves only one potential security issue:
POST bodies are rarely written to log files while GETs almost always are.

> I don't make a practice of using this code myself unless it's
> absolutely necessary (which is rare), but someone on the list had a
> need for information I had available, so I provided it!

I think your response would have been more useful had it contained the
reasons why you don't normally use this type of code.

-chris

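
Added example, not part of the message above or of any project discussed on the list: one way to carry state through a URL as the reply suggests, compressing it and then sealing it with authenticated encryption (AES-256-GCM) so the client can neither read nor alter it. The function names, the sample state and the in-process key are assumptions made for illustration. It also assumes the state holds only server-chosen values, because compressing attacker-influenced input together with secrets leaks information through the token length.

```javascript
const crypto = require('node:crypto');
const zlib = require('node:zlib');

// Assumption: a real deployment loads this key from a server-side secret store.
const KEY = crypto.randomBytes(32);

// Constructed sample state (repetitive, so compression has something to do).
const SAMPLE = { userId: 4711, role: 'editor',
                 cart: Array(20).fill({ sku: 'ABC-123', qty: 1 }) };

// JSON -> raw deflate -> AES-256-GCM -> base64url(iv || tag || ciphertext)
function sealState(state, key = KEY) {
  const packed = zlib.deflateRawSync(Buffer.from(JSON.stringify(state), 'utf8'));
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every token
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(packed), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the state object, or null if the token was modified, truncated,
// or sealed under a different key.
function openState(token, key = KEY) {
  try {
    const raw = Buffer.from(String(token), 'base64url');
    if (raw.length < 28) return null; // 12-byte iv + 16-byte tag at minimum
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const packed = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    // Cap the inflated size so a forged-key scenario cannot become a zip bomb.
    const json = zlib.inflateRawSync(packed, { maxOutputLength: 64 * 1024 });
    return JSON.parse(json.toString('utf8'));
  } catch (err) {
    return null; // never act on state that failed authentication
  }
}

// Helper simulating a user editing the token in the URL bar.
function flipOneBit(token, index) {
  const raw = Buffer.from(token, 'base64url');
  raw[index] ^= 0x01;
  return raw.toString('base64url');
}

// Length of the state as plain base64url versus as a sealed token.
function tokenSizes(state) {
  const plain = Buffer.from(JSON.stringify(state), 'utf8').toString('base64url').length;
  return { plain, sealed: sealState(state).length };
}
```

The GCM tag is what stops modification; encryption without authentication would hide the state but still let a user flip bits in it.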