- From: Dan Connolly <connolly@w3.org>
- Date: 20 May 2002 09:57:56 -0500
- To: LMM@acm.org
- Cc: www-tag@w3.org
On Mon, 2002-05-20 at 09:24, Larry Masinter wrote:
> > "In that case, the form uses POST, since
> >
> >   * the document to be validated might be confidential; any link to the
> >     results of validating it would divulge its contents"
>
> This is a good example, but the issue is broader. For example,
> one security problem people had early on was with sites
> that used a GET-based form for logging in -- the user name
> and password would become part of the URL, and would appear
> in plain-text in the proxy logs. It's not the "result" that's
> private, it's the access information itself.

Yes, the text above is talking about having the document
itself be in the URI; "any link to the results" refers
to something like
<a href="http://valicator.w3.org?contents=full-text-here">

I guess it's not clear enough. Bonus points to anybody
who provides suggested text before I get around to it.

>
> Larry

--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Monday, 20 May 2002 10:57:55 UTC
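
Added example, not part of the original message or of any W3C code: a small audit of proxy log lines for the exposure discussed in the thread, where form data sent with GET ends up in the logged URL. The log format (Common Log Format), the list of sensitive parameter names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as sensitive (an assumption; tune for the site audited).
SENSITIVE = {"password", "passwd", "pwd", "user", "username", "login", "token", "contents"}

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def sensitive_params(target):
    """Return the sorted names of sensitive query parameters in a request target."""
    query = urlsplit(target).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)


def redact(target):
    """Return the target with the values of sensitive parameters replaced."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def scan(lines):
    """Yield (line_no, method, exposed_names, redacted_target) for each log
    line whose URL carries sensitive form data."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request entry; skip rather than guess
        names = sensitive_params(m["target"])
        if names:
            yield n, m["method"], names, redact(m["target"])


# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/May/2002:09:24:00 -0500] "GET http://example.org/login?user=alice&password=s3cret HTTP/1.0" 200 512',
    '192.0.2.10 - - [20/May/2002:09:24:05 -0500] "POST http://example.org/login HTTP/1.0" 302 0',
    '192.0.2.11 - - [20/May/2002:09:25:00 -0500] "GET http://example.org/check?contents=full-text-here HTTP/1.0" 200 2048',
    '192.0.2.12 - - [20/May/2002:09:26:00 -0500] "GET http://example.org/search?q=uri HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for n, method, names, target in scan(SAMPLE_LOG):
        print(f"line {n}: {method} exposes {names} -> {target}")
```

The POST login on line 2 leaves nothing to flag because its form data travels in the request body, which this log format does not record.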