[pLog-svn] Re: AdminLoginAction

Jon Daley plogworld at jon.limedaley.com
Wed Mar 22 19:37:56 GMT 2006


I dislike sites that only use POST, and don't let you navigate the 
site in a useful way, with back/forward buttons disabled, etc.  I believe 
the rule is better stated: use GETs for data that doesn't change anything, 
and POSTs for stuff that changes.  This is what browsers assume, and warn 
you when you go to a page that had data POSTed, but won't warn you about 
GETed data.


On Wed, 22 Mar 2006, soosa soosa wrote:
> There's a rule in the PHP world that says: "TRY ALWAYS TO HIDE YOUR DATA AS
> MUCH AS POSSIBLE !!!" Actually it's not a matter of disallowing the
> user to see his data moving from place to place using the HTTP request;
> hiding the posted data in the body of the HTTP request is just much more secure
> than sending it in the header of the HTTP request. You know what, I really
> cannot remember the last time that I used the $_GET superglobal
> array !!! It doesn't make sense to use it because you are simply giving
> everybody the ability to "SEE" what you are posting, and even if the
> data was really not that important, it should still be considered
> something precious that needs to be secured. $_POST is just "and might be
> the only !!" way to use to forward your data and let it swim from sea to
> sea with less worrying :-)


