Joshua Simpson wrote:
On Thu, Feb 28, 2008 at 3:30 PM, Richard K Miller <[EMAIL PROTECTED]>
wrote:
Good point. Also, in an SSL transaction, POST variables are encrypted
but GET variables are not.
Not true. SSL establishes a connection before any HTTP data is sent. GET
is just as encrypted as POST using SSL. Still, GET variables are cached in
a variety of sources (notably, the client's browser).
Josh is correct, GET variables are encrypted in transmission. However
you should be aware that GET variables are stored in browser's history
as well as most Web server's access log files.
Don't send sensitive information via GET, even over SSL.
--lonnie
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
