[thelist] Security of Post vs Get

Richard Davey rich at launchcode.co.uk
Tue Aug 24 19:24:27 CDT 2004


Hello Ken,

Wednesday, August 25, 2004, 1:15:59 AM, you wrote:

KS> Using certificates to identify the machine or user and encrypt data
KS> transmission is "protecting data" as well. I think you mean
KS> "protecting data from the end user", whereas I was talking about
KS> "protecting data from a 3rd party"

I know that's what you were talking about, which is why I said using
POST will secure the transmission only (hello 3rd party snoopers) but
that is where it ends.

My point was that if he's going to the trouble to hide whatever values
this script returns in a hidden iframe, it's obviously not 3rd parties that
are the issue here, but rather the end user - hence, it's irrelevant
how the data is sent. I did think that was rather clear from my post,
but perhaps not.

Best regards,

Richard Davey
-- 
 http://www.launchcode.co.uk - PHP Development Services
 "I am not young enough to know everything." - Oscar Wilde




More information about the thelist mailing list