[1423] in WWW Security List Archive
Re: POST vs. GET
daemon@ATHENA.MIT.EDU (Owen Rees)
Mon Jan 15 11:13:29 1996
To: Antonio Vasconcelos <vasco@bvl.pt>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: Message from vasco@bvl.pt of Mon, 08 Jan 1996 23:05:31
+0000.
<199601082305.AA19350@jessica.bvl.pt>
Date: Mon, 15 Jan 1996 13:11:57 +0000
From: Owen Rees <rtor@ansa.co.uk>
Errors-To: owner-www-security@ns2.rutgers.edu
Antonio Vasconcelos <vasco@bvl.pt> writes:
> I'm only asking this because a few days ago I come into a situation where I
> had to use POST. I were happy until then with GET, but GET with TEXTAREA
> fields when going through a TIS firewall looks to be a "no-no".
> I don't know why but everything after the first &0D looks to be truncated
> somewhere in the way to the server. This includes the other lines that may
> exist in the TEXTAREA and _ANY_ other field that may appear after the TEXTAREA.
Do you mean that the URL contains a control code? (Since '&' is the
conventional field separator, I am guessing that you do not mean the
three characters '&' '0' 'D' in this context). If so, your browser (or
whatever other client) is broken - it should be escaping it to %0D
(three characters). Control codes in URLs are the sort of dangerous
thing that a firewall is there to trap.
Owen Rees <rtor@ansa.co.uk>
Information about ANSA is at <URL:http://www.ansa.co.uk/>.
