Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re^3: CGI application

by fidesachates (Monk)
on Feb 15, 2011 at 16:16 UTC ( #888292=note: print w/ replies, xml ) Need Help??


in reply to Re^2: CGI application
in thread CGI application

Absolutely true. I hadn't considered man in the middle or arp poisoning type attacks where the intruder will actually see the payload of the packets.

However, what POST protects against is for instance if a website uses a form to reset a password "www.company.com?resetpw=1". Any bored teenager can get unsuspecting users to click a link with that hyperlink embedded and reset that user's password. Obviously there are more dangerous examples than what that one, but it is this type of "attack" that POST will prevent in that the action is not present in the url.


Comment on Re^3: CGI application

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://888292]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (7)
As of 2014-10-23 22:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (129 votes), past polls