[UPHPU] receiving with $_REQUEST

Lonnie Olson lists at kittypee.com
Thu Feb 28 16:45:06 MST 2008


Joshua Simpson wrote:
> On Thu, Feb 28, 2008 at 3:30 PM, Richard K Miller <richardkmiller at gmail.com>
> wrote:
> 
>> Good point. Also, in an SSL transaction, POST variables are encrypted
>> but GET variables are not.
>>
> 
> Not true.  SSL establishes a connection before any HTTP data is sent.  GET
> is just as encrypted as POST using SSL.  Still, GET variables are cached in
> a variety of sources (notably, the client's browser).

Josh is correct, GET variables are encrypted in transmission.  However 
you should be aware that GET variables are stored in browser's history 
as well as most Web server's access log files.

Don't send sensitive information via GET, even over SSL.

--lonnie



More information about the UPHPU mailing list