[thelist] Security of Post vs Get

Richard Davey rich at launchcode.co.uk
Tue Aug 24 16:13:14 CDT 2004

Hello Hershel,

Tuesday, August 24, 2004, 6:26:35 PM, you wrote:

HR> I have a page which makes a call to the server and loads the resultant page
HR> into a hidden iframe, then operating on the data loaded there.

HR> Are there grounds to suggest that using a form and method="POST" would be
HR> more secure than a GET or just building a URL with JavaScript and submitting
HR> that?

The security isn't in the method you use to transport the data, it is
in the script that receives it - it matters not if its a GET or POST,
if the receiving script doesn't sufficiently validate the data (and/or
source of data) it's hackable regardless.

Best regards,

Richard Davey
 http://www.launchcode.co.uk - PHP Development Services
 "I am not young enough to know everything." - Oscar Wilde

More information about the thelist mailing list