[UPHPU] receiving with $_REQUEST
Lonnie Olson
lists at kittypee.com
Thu Feb 28 16:45:06 MST 2008
Joshua Simpson wrote:
> On Thu, Feb 28, 2008 at 3:30 PM, Richard K Miller <richardkmiller at gmail.com>
> wrote:
>
>> Good point. Also, in an SSL transaction, POST variables are encrypted
>> but GET variables are not.
>>
>
> Not true. SSL establishes a connection before any HTTP data is sent. GET
> is just as encrypted as POST using SSL. Still, GET variables are cached in
> a variety of sources (notably, the client's browser).
Josh is correct, GET variables are encrypted in transmission. However
you should be aware that GET variables are stored in browser's history
as well as most Web server's access log files.
Don't send sensitive information via GET, even over SSL.
--lonnie
More information about the UPHPU
mailing list