[1402] in WWW Security List Archive
POST vs. GET
daemon@ATHENA.MIT.EDU (Antonio Vasconcelos)
Mon Jan 8 21:47:42 1996
Date: Mon, 8 Jan 1996 23:05:31 GMT
To: www-security@ns2.rutgers.edu
From: Antonio Vasconcelos <vasco@bvl.pt>
Errors-To: owner-www-security@ns2.rutgers.edu
Hi there.
I've been waiting for some posts to come up in order to learn this mailing
list 'modus operandus', but this looks to be a rather quiet place, so, I'm
posting anyway. Pardon me if I'm doing something wrong.
Ok, so my question is somewhat basic, but I couldn't find an answer by myself.
From a security point of view, is there any reason to use METHOD=GET instead
of METHOD=POST when submiting forms ?
I'm only asking this because a few days ago I come into a situation where I
had to use POST. I were happy until then with GET, but GET with TEXTAREA
fields when going through a TIS firewall looks to be a "no-no".
I don't know why but everything after the first &0D looks to be truncated
somewhere in the way to the server. This includes the other lines that may
exist in the TEXTAREA and _ANY_ other field that may appear after the TEXTAREA.
regards,
Antonio Vasconcelos @ The Lisbon $tock Exchange
..........................................................
vasco@bvl.pt, vasco@individual.puug.pt, postmaster@bvl.pt,
webmaster@bvl.pt, http://www.bvl.pt:8080/~vasco
..........................................................
TEL: +351-1-790-9904 Bolsa de Valores de Lisboa
FAX: +351-1-795-2026 R. Soeiro Pereira Gomes
1600 LISBOA
http://www.bvl.pt/ PORTUGAL
..........................................................
All opinions are my own, my employer thinks I'm working
..........................................................
