Quick pragmatic security note on this: I actually disagree with this statement. Using GET to pass login > parameters is fine, and in some cases preferable (particularly as it > relates to client caching). If you're concerned about security, you > should encrypt such requests using SSL (you really should do this > regardless of the method used in this case). >
Most web servers include the full URL of each request in their server logs. These logs are not always automatically treated with the privacy accorded to the password database. This is one reason that many prefer to send such data via POST, since entity bodies are not typically recorded except in debugging situations. - Rob ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2394694
