[UPHPU] receiving with $_REQUEST

Richard K Miller richardkmiller at gmail.com
Thu Feb 28 16:30:53 MST 2008


On Feb 28, 2008, at 2:57 PM, Ben Reece wrote:

>
>> I agree with this point, the one's that Josh mentioned, and the  
>> those covered on DoughBoy's blog (the link phpninja provided)  
>> regarding well designed code and personally rarely ever use  
>> REQUEST. My sole reason for starting this thread was to inquire  
>> about the security side of it.
>>
> The only security concern I have regarding GET vs. POST, is that GET  
> is often written to web server logs, where POST is usually not.  If  
> you're passing anything especially sensitive (e.g. credit card  
> numbers), and you're using GET, you may need to make sure you web  
> server logs are protected with the same level of security as  
> anywhere else that same data is stored.

Good point. Also, in an SSL transaction, POST variables are encrypted  
but GET variables are not.




More information about the UPHPU mailing list