[thelist] Security of Post vs Get
Richard Davey
rich at launchcode.co.uk
Tue Aug 24 16:13:14 CDT 2004
Hello Hershel,
Tuesday, August 24, 2004, 6:26:35 PM, you wrote:
HR> I have a page which makes a call to the server and loads the resultant page
HR> into a hidden iframe, then operating on the data loaded there.
HR> Are there grounds to suggest that using a form and method="POST" would be
HR> more secure than a GET or just building a URL with JavaScript and submitting
HR> that?
The security isn't in the method you use to transport the data, it is
in the script that receives it - it matters not if its a GET or POST,
if the receiving script doesn't sufficiently validate the data (and/or
source of data) it's hackable regardless.
Best regards,
Richard Davey
--
http://www.launchcode.co.uk - PHP Development Services
"I am not young enough to know everything." - Oscar Wilde
More information about the thelist
mailing list