W3C home > Mailing lists > Public > www-tag@w3.org > May 2002

RE: updated findings on whenToUseGet

From: Dan Connolly <connolly@w3.org>
Date: 20 May 2002 09:57:56 -0500
To: LMM@acm.org
Cc: www-tag@w3.org
Message-Id: <1021906676.10964.15.camel@dirk>
On Mon, 2002-05-20 at 09:24, Larry Masinter wrote:
> > "In that case, the form uses POST, since
> > 
> > * the document to be validated might be confidential; any link to the
> > results of validating it would divulge its contents"
> 
> This is a good example, but the issue is broader. For example,
> one security problem people had early on was with sites
> that used a GET-based form for logging in -- the user name
> and password would become part of the URL, and would appear
> in plain-text in the proxy logs. It's not the "result" that's
> private, it's the access information itself.

Yes, the text above is talking about having the document
itself be in the URI; "any link to the results"
refers to something like

	<a href="http://valicator.w3.org?contents=full-text-here">


I guess it's not clear enough.

Bonus points to anybody who provides suggested text before
I get around to it.

> 
> Larry
-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Monday, 20 May 2002 10:57:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:55:51 UTC