- From: Larry Masinter <LMM@acm.org>
- Date: Mon, 20 May 2002 07:24:40 -0700
- To: "'Dan Connolly'" <connolly@w3.org>
- Cc: <www-tag@w3.org>
> "In that case, the form uses POST, since > > * the document to be validated might be confidential; any link to the > results of validating it would divulge its contents" This is a good example, but the issue is broader. For example, one security problem people had early on was with sites that used a GET-based form for logging in -- the user name and password would become part of the URL, and would appear in plain-text in the proxy logs. It's not the "result" that's private, it's the access information itself. Larry
Received on Monday, 20 May 2002 10:25:14 UTC