[1415] in WWW Security List Archive


Re: POST vs. GET

daemon@ATHENA.MIT.EDU (Daniel J. Boyle)
Wed Jan 10 12:08:07 1996

Date: Wed, 10 Jan 1996 09:32:18 -0500 (EST)
From: "Daniel J. Boyle" <djb2413@is2.NYU.EDU>
To: Tudor Hulubei <chang!tudor@pub.ro>
Cc: vasco@bvl.pt, www-security@ns2.rutgers.edu
In-Reply-To: <199601091021.MAA06481@chang>
Errors-To: owner-www-security@ns2.rutgers.edu

> Don't use GET.  There is no reason why you should use GET instead of
> POST (which is the recommended method).

I can think of at least one reason to use GET instead of POST. Since the 
Query_String becomes part of the URL with a GET, future calls to the same 
page, say a search results page, would come from the browser's cache, 
provided the browser had a decent caching mechanism, instead of always 
posting to the server. Of course, this depends on the browser, but most 
these days have decent caching algorithms. Besides, is this a security 
issue, really? Both GET and POST are insecure methods of transfer.
