
Re^2: CGI application

by dHarry (Abbot)
on Feb 15, 2011 at 08:49 UTC

in reply to Re: CGI application
in thread CGI application

From a security point of view, POST and GET are more or less the same. While it is true that POST doesn't show information via the URL, it exposes the same information as a GET in the actual network communication. Some would say using usr/pwd over HTTP is completely unsafe. If security is an issue, you had better use HTTPS, which is sufficient for most purposes.



Re^3: CGI application
by fidesachates (Monk) on Feb 15, 2011 at 16:16 UTC
    Absolutely true. I hadn't considered man-in-the-middle or ARP-poisoning type attacks, where the intruder will actually see the payload of the packets.

    However, what POST protects against is, for instance, if a website uses a form to reset a password "". Any bored teenager can get unsuspecting users to click a link with that hyperlink embedded and reset that user's password. Obviously there are more dangerous examples than that one, but it is this type of "attack" that POST will prevent, in that the action is not present in the URL.
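Added example, not part of either post above: a Python sketch that parses constructed raw requests to show where form fields travel with GET and with POST over plain HTTP, plus a hypothetical reset handler that refuses anything but POST. The host `app.example`, the `.cgi` paths, the field names and the values are assumptions made up for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests over plain HTTP (no TLS); host, paths and values are made up.
LOGIN_GET = (b"GET /login.cgi?user=alice&password=s3cret HTTP/1.1\r\n"
             b"Host: app.example\r\n\r\n")
LOGIN_POST = (b"POST /login.cgi HTTP/1.1\r\n"
              b"Host: app.example\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n"
              b"Content-Length: 26\r\n\r\n"
              b"user=alice&password=s3cret")
RESET_LINK = (b"GET /reset.cgi?user=alice HTTP/1.1\r\n"
              b"Host: app.example\r\n\r\n")


def parse_request(raw):
    """Split one raw HTTP/1.1 request into method, URL fields and body fields."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url_fields = parse_qs(urlsplit(target).query)
    body_fields = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        body_fields = parse_qs(body.decode("iso-8859-1"))
    return method, url_fields, body_fields


def exposure(raw):
    """Report where the form fields of a request are visible."""
    method, url_fields, body_fields = parse_request(raw)
    return {
        "method": method,
        # URL fields also end up in access logs, browser history and shared links.
        "in_url": sorted(url_fields),
        "in_body": sorted(body_fields),
        # Without TLS an on-path observer reads the request line and the body alike.
        "on_wire": sorted(set(url_fields) | set(body_fields)),
    }


def reset_status(raw):
    """Hypothetical reset handler: refuse anything but POST, so a clicked link does nothing."""
    method, _url_fields, _body_fields = parse_request(raw)
    return 200 if method == "POST" else 405
```

Comparing `exposure(LOGIN_GET)` with `exposure(LOGIN_POST)` shows the fields moving from the URL to the body while the `on_wire` list stays the same, and `reset_status(RESET_LINK)` returns 405 for the link-style request.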
