
RE: updated findings on whenToUseGet

From: Larry Masinter <LMM@acm.org>
Date: Mon, 20 May 2002 07:24:40 -0700
To: "'Dan Connolly'" <connolly@w3.org>
Cc: <www-tag@w3.org>
Message-ID: <00d801c2000a$143e37d0$6ace8642@larrypad>

> "In that case, the form uses POST, since
> 
> * the document to be validated might be confidential; any link to the
> results of validating it would divulge its contents"

This is a good example, but the issue is broader. For example,
one security problem people had early on was with sites
that used a GET-based form for logging in -- the user name
and password would become part of the URL, and would appear
in plain-text in the proxy logs. It's not the "result" that's
private, it's the access information itself.

Larry
Received on Monday, 20 May 2002 10:25:14 UTC
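
Added example, not part of the original message: a log check for the failure mode described above, where a GET-based login form puts the password into the URL and therefore into proxy logs. It flags such requests and redacts the values; the parameter-name list, the log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameter names treated as credentials (assumed list; extend per application).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# Request field of a Common Log Format style entry: "METHOD URL PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_url(url):
    """Return (redacted_url, leaked_param_names) for one logged URL."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [k for k, _ in pairs if k.lower() in SENSITIVE]
    if not leaked:
        return url, []
    cleaned = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned))), leaked

def scan_log(lines):
    """Return (findings, redacted_lines); findings are (line_no, method, names)."""
    findings, out = [], []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            new_url, leaked = redact_url(m.group("url"))
            if leaked:
                findings.append((n, m.group("method"), leaked))
                line = line[:m.start("url")] + new_url + line[m.end("url"):]
        out.append(line)
    return findings, out

# Constructed sample proxy log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/May/2002:07:24:40 -0700] "GET http://example.test/login?user=alice&password=hunter2 HTTP/1.0" 200 512',
    '192.0.2.10 - - [20/May/2002:07:24:41 -0700] "POST http://example.test/login HTTP/1.0" 302 0',
    '192.0.2.11 - - [20/May/2002:07:25:02 -0700] "GET http://example.test/search?q=password+policy HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    findings, redacted = scan_log(SAMPLE_LOG)
    for n, method, names in findings:
        print(f"line {n}: {method} request exposes {names} in the URL")
    print("\n".join(redacted))
```

The POST login on the second sample line leaves nothing to flag because the form body is not part of the logged URL, and the third line shows that a search for the word "password" is not mistaken for a credential.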
