W3C home > Mailing lists > Public > www-forms@w3.org > May 2006

Why is submission with method of urlencoded-post deprecated?

From: John Boyer <boyerj@ca.ibm.com>
Date: Fri, 5 May 2006 17:27:26 -0700
To: www-forms@w3.org
Message-ID: <OFED4F131C.8A7C11F7-ON88257166.0001C4A8-88257166.00028262@ca.ibm.com>
In Section 11.2, it says that urlencoded-post as a method is deprecated.
There is no citation in the section to say why, but given that this 
appeared
in 1.0 first edition, I assume we are following some other spec out there.
Would be nice to know which one.

Moreover, given that the basic user login and password screen used 
across the web seems to rely on this method, why is it deprecated?

Seems we couldn't do the usual login screen with an XForm without this
because login systems tend to look only for the url encoded post data, and
they don't fall back to looking in the URL for the parameters, which is 
where
a GET would put them.

I think that login system *don't* do this fallback because they want to 
discourage
use of method GET so that a person's password doesn't show up clear text 
in
the user agent URL cache.

Thanks,
John M. Boyer, Ph.D.
Senior Product Architect/Research Scientist
Co-Chair, W3C XForms Working Group
Workplace, Portal and Collaboration Software
IBM Victoria Software Lab
E-Mail: boyerj@ca.ibm.com  http://www.ibm.com/software/

Blog: http://www.ibm.com/developerworks/blogs/page/JohnBoyer
Received on Saturday, 6 May 2006 00:27:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 10 March 2012 06:22:04 GMT