[UPHPU] receiving with $_REQUEST

David Smith davidsmith at byu.net
Thu Feb 28 17:17:12 MST 2008


Joshua Simpson wrote:
> On Thu, Feb 28, 2008 at 3:30 PM, Richard K Miller <richardkmiller at gmail.com>
> wrote:
>
>   
>> Good point. Also, in an SSL transaction, POST variables are encrypted
>> but GET variables are not.
>>     
>
> Not true.  SSL establishes a connection before any HTTP data is sent.  GET
> is just as encrypted as POST using SSL.  Still, GET variables are cached in
> a variety of sources (notably, the client's browser).
>   

Josh is right. The only unencrypted data that snoopers could see in this 
case is the IP address and port number you are talking to.
Even though the query string is visible in your browser's address bar 
it's still encrypted on the wire.

--Dave


More information about the UPHPU mailing list