Re: CGI application


The stupid question is the question not asked
	PerlMonks

Re: CGI application

by fidesachates (Monk)

on Feb 14, 2011 at 18:01 UTC ( #888035=note: print w/ replies, xml )

Need Help??

in reply to CGI application

Small tidbit: You probably don't want ?uid=tom&pwd=uy877 to show up in your url. It's unsafe for many reasons. Don't use GET when you're dealing with sensitive informatino or changing databases. Use POST.

Comment on Re: CGI application
Re^2: CGI application by dHarry (Monsignor) on Feb 15, 2011 at 08:49 UTC
From a security point-of-view POST and GET are more or less the same. While it is true that POST doesn't show information via the URL, it exposes the same information as a GET in the actual network communication. Some would say using usr/pwd over http is completely unsafe. If security is an issue you better use https, sufficient for most purposes. Cheers Harry	[reply]
Re^3: CGI application by fidesachates (Monk) on Feb 15, 2011 at 16:16 UTC
Absolutely true. I hadn't considered man in the middle or arp poisoning type attacks where the intruder will actually see the payload of the packets. However, what POST protects against is for instance if a website uses a form to reset a password "www.company.com?resetpw=1". Any bored teenager can get unsuspecting users to click a link with that hyperlink embedded and reset that user's password. Obviously there are more dangerous examples than what that one, but it is this type of "attack" that POST will prevent in that the action is not present in the url.	[reply]

In Section Seekers of Perl Wisdom

Log In^?

Node Status^?

node history
Node Type: note [id://888035]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others taking refuge in the Monastery: (7)

As of 2013-06-19 01:21 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

How many continents have you visited?

Results (637 votes), past polls