I guess I assumed that any Login (or any sensitive information) action
would be secured with SSL. If you have an SSL connection between you
and your server, any packets sniffed would at least be encrypted. The
URL would probably still show up in a log somewhere, which makes GET
requests over SSL sort of a waste, but at least POST requests will
have the form data encrypted.

Of course, if you are reading this and wondering about why anyone
would do a form submission over GET... I always think about users
wanting to bookmark a page. Think of a user wanting to bookmark the
results of a Google search.

Anyhow, the point I'm trying to make is that the choice between GET
and POST is more complex than flipping a coin :)

-Wes

2008/10/29 Paweł Wielgus <[EMAIL PROTECTED]>:
> Hi Wes,
> thanks for the response,
> I've been wondering myself where there would be any difference,
> but couldn't find any, from the server point of view.
> Still, the proxies' logs are a real threat.
> If someone else is reading it, don't think that POST is secure;
> one can sniff anything from POST.
>
> Best greetings,
> Paweł Wielgus.
>
> 2008/10/29 Wes Wannemacher <[EMAIL PROTECTED]>:
>> On a get request, the password would be present in the URL -
>>
>> http://localhost:8080/yourApp/Login.action?username=username&password=yourpassword
>>
>> This is probably not a *huge* deal, but there are places where
>> requests might be logged... Proxy servers, etc.
>>
>> -Wes
>>
>> 2008/10/29 Paweł Wielgus <[EMAIL PROTECTED]>:
>>> Hi Hernán,
>>>
>>>> Of course, you should never use GET when submitting a password, but that's a
>>>> privacy concern you (developer) just deal with when writing your jsp.
>>>
>>> Could you elaborate more on the reason why?
>>>
>>> Best greetings,
>>> Paweł Wielgus.
>>>
>>
>>
>>
>> --
>> Wesley Wannemacher
>> President, Head Engineer/Consultant
>> WanTii, Inc.
>> http://www.wantii.com
>>
>



-- 
Wesley Wannemacher
President, Head Engineer/Consultant
WanTii, Inc.
http://www.wantii.com
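
An added example, not part of the original thread: a log check for the exposure discussed above, where a GET login leaves the password in any access or proxy log that records the request line. The log lines are constructed samples modelled on the URL quoted in the thread, and the list of sensitive parameter names is an assumption to adapt per application.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names treated as sensitive (an assumption; extend for your app).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# Request portion of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, names of sensitive query parameters found)."""
    parts = urlsplit(target)
    found, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        cleaned.append((name, value))
    if not found:
        return target, found
    return urlunsplit(parts._replace(query=urlencode(cleaned))), found

def scan(lines):
    """Return (line_number, method, leaked_names, redacted_line) per leaking line."""
    results = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we can parse
        redacted, found = redact_target(m.group("target"))
        if found:
            safe = line[:m.start("target")] + redacted + line[m.end("target"):]
            results.append((n, m.group("method"), found, safe))
    return results

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [29/Oct/2008:10:00:01 +0000] "GET /yourApp/Login.action'
    '?username=username&password=yourpassword HTTP/1.1" 200 512',
    '127.0.0.1 - - [29/Oct/2008:10:00:05 +0000] "POST /yourApp/Login.action HTTP/1.1" 302 0',
    '127.0.0.1 - - [29/Oct/2008:10:00:09 +0000] "GET /yourApp/Search.action?q=struts HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, method, names, safe in scan(SAMPLE_LOG):
        print(f"line {n}: {method} request logs {names}\n  {safe}")
```

Only the GET login is flagged; the POST login leaves no credentials in the request line, and the bookmarkable search URL is left alone.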
