https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32406
--- Comment #6 from David Cook <[email protected]> --- (In reply to Marcel de Rooy from comment #5) > Just posted a comment on 32401 about encoding header. This is a move from > header to URL parameter. > Could we have a privacy issue with exposing search terms like that, since > URLs are much more visible? Log files, etc. For bug 32406, I wouldn't worry about it, because it's order data. It's unlikely to be sensitive. But it's an interesting point. In master, the search is already put in the "q" parameter for http://localhost:8081/cgi-bin/koha/members/member.pl I suppose things like email addresses, phone numbers, usernames, etc could potentially be passed through that and wind up in logs. It wouldn't necessarily be that coherent though. But I think it would be fair to argue that searches should be POSTs. Of course, that gets complicated in terms of a RESTful interface. I think one could consider the "search" to be the resource though, so POSTing to create a search makes sense. Bit of a philosophical-technical discussion to have there I think. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
