[pLog-svn] Re: AdminLoginAction
Jon Daley
plogworld at jon.limedaley.com
Wed Mar 22 19:37:56 GMT 2006
I dislike sites that only use POST, and don't let you navigate the
site in a useful way, with back/forward buttons disabled, etc. I believe
the rule is better stated: use GETs for data that doesn't change anything,
and POSTs for stuff that changes. This is what browsers assume, and warn
you when you go to a page that had data POSTed, but won't warn you about
GETed data.
On Wed, 22 Mar 2006, soosa soosa wrote:
> There's a rule in the PHP world that says: "TRY ALWAYS TO HIDE YOUR DATA AS
> MUCH AS POSSIBLE !!!". Actually it's not a matter of disallowing the
> user to see his data moving from place to place using the HTTP request;
> hiding the posted data in the body of the HTTP is just much more secure
> than sending them in the header of the HTTP. You know what, I really
> cannot remember the last time that I used the $_GET superglobal
> array !!! It doesn't make sense to use it because simply you are giving
> everybody the ability to "SEE" what you are posting, and even if the
> data was really not that important it still should be considered
> something precious and needs to be secured. $_POST is just "and might be
> the only !!" way to use to forward your data and let it swim from sea to
> sea with less worrying :-)