Matthew Ratzloff wrote: > Well, my point was that because any of those can be manipulated > (POST, GET, COOKIE, etc.), selecting from a specific source can > lead to a false sense of added security.
The idea that ignorance promotes security is fundamentally flawed. Pádraic clearly understands the risks associated with this perspective. In addition, this approach works against the HTTP spec, eroding the important distinction between GET and POST requests. Chris
