Any information which the user gives to you should be considered "sensitive". The warning is just trying to say, "If you send anything the way you're doing it now, it's very easy for someone to intercept and read it, because it's not encrypted."
The reason for both POST and SSL is as follows:
- If you use GET or PUT instead of POST, the data is in the URL, which means that it can be seen traversing the net. (Sniffers, man-in-the-middle attacks, compromised router logging the traffic passing through...). Using POST takes the data out of the URL.
- If you use SSL, then the content of the POST is flowing across an encrypted channel and is therefore much harder to intercept (someone with a faked cert could, for instance, but the trivial attacks listed above won't work.)
So you need both to guarantee (modulo very outside cases) that the data is secure.
As to whether the data is "sensitive" or not, it depends on the application, but a good rule of thumb is that any personally-identifiable data is sensitive. So ages, names, addresses, email addresses, IM handles, or anything that when taken together would let you identify someone.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|
