[1421] in WWW Security List Archive
Re: POST vs. GET
daemon@ATHENA.MIT.EDU (Ricky G. LeMarr)
Thu Jan 11 19:48:19 1996
To: www-security@ns2.rutgers.edu
Date: Thu, 11 Jan 1996 15:54:35 -0600 (CST)
From: "Ricky G. LeMarr" <rlemarr@promus.com>
In-Reply-To: <Pine.SUN.3.90.960109003155.27567B-100000@jobe.shell.portal.com> from "David W. Morris" at Jan 9, 96 00:36:45 am
Reply-to: rlemarr@stargate.promus.com
Errors-To: owner-www-security@ns2.rutgers.edu
David W. Morris writes:
>
>
> On Mon, 8 Jan 1996, Antonio Vasconcelos wrote:
>
[ SNIP, SNIP ]
> > Ok, so my question is somewhat basic, but I couldn't find an answer by myself.
> >
> > >From a security point of view, is there any reason to use METHOD=GET instead
> > of METHOD=POST when submiting forms ?
> >
> > I'm only asking this because a few days ago I come into a situation where I
> > had to use POST. I were happy until then with GET, but GET with TEXTAREA
> > fields when going through a TIS firewall looks to be a "no-no".
>
[ SNIP, SNIP ]
> Secondly, there are apparently some browsers and also firewall
> proxies or whatever which significantly limit the length of
> the URI. Base on STML limits associated with HTML are are
> element attribute value length limits.
>
I can confirm this. It happens to our site using the HP Raptor firewall.
Rick LeMarr
