80:483 - GET and POST security

Zbigniew Koziol softquake-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Oct 4 01:22:08 UTC 2007


On 10/3/07, Dave Mason <dmason-bqArmZWzea/GcjXNFnLQ/w at public.gmane.org> wrote:
> No, if you are accessing URL http://foo.bar/blat/babble?zot&zoot
> everything after domain name, i.e. everything after the 3rd / is part of
> the content, and the domain name is only visible in the IP headers as an
> IP address.

I have got it! I understand now! :)

> So, if you instead use https, since everything in the
> contents is encrypted, the only accessible information on or in the
> packets is the origin and destination IP addresses.
>
> So there is no difference in security between GET and POST.

Because both behave in the same way. On http they are accessible, and
on https they are encrypted. Right? I am sure of it now.

BTW, I have a feeling that Tomcat does not care whether it is GET or POST?
Eh, well, Tomcat is another story... It took me a lot of pain to have
it under reasonable control.

> To see this, you can replicate the above browser request by:

I wanted to sniff things and learn in that way, and I thought about
ethereal. But installing it is sometimes a pain when dependencies are
missing. I am on CentOS 5. Are there other good sniffing tools around?
I do not care about GUI, would rather prefer a text-based tool.

Thanks a lot!

zb.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists