80:483 - GET and POST security
Zbigniew Koziol
softquake-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Oct 4 00:26:35 UTC 2007
Some time ago I argued that there is no difference between security of
GET and POST methods when using http.
How however about when https protocol is used?
Well, I know, I could find the answer myself. But this way is
hopefully quicker and talking with others on this list is always a
pleasure to me.
URL address posted by GET method is volnurable to interception by
monkey in the middle, in case of both, http and https requests. So,
for instance, sending GET https requests with session id within URL
seems risky. How about if session id was send through POST method?
Thats not clear to me - will it be encrypted or not?
zb.
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list