Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Re: When GET = POST?

From: Jeff Dafoe <jeff(at)badtz-maru.com>
Date: Mon Nov 11 2002 - 20:41:52 EST

> I'm going to buck the trend here, and say that from the point of view

I am glad someone else feels the way I do about this issue. In the case of a web application, it's not important to the script which method was used to submit the data as long as proper validation and sanitization is performed. All that you really need to know is that the data originated from an untrusted source and should be checked accordingly. I could see where explicitly checking for POST could lull someone into a false sense of security. Logging aside, POSTed data is no safer than data sent via GET, so there is no point in checking to see which method was used to submit the data.

Jeff Received on Mon Nov 11 21:41:26 2002

This message: [ Message body ]
Next message: Steven M. Christey: "Re: When GET = POST?"
In reply to Charles Miller: "Re: When GET = POST?"
Next in thread: Jason Healy: "Re: When GET = POST?"
Reply: Jason Healy: "Re: When GET = POST?"
Reply: Glyn Geoghegan: "RE: When GET = POST?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library