From: Kevin Spett (kspett_at_spidynamics.com)
Date: Wed Jul 10 2002 - 14:38:20 CDT
POST is definitely better than GET. In a GET request the query data is sent
as part of the URL, which will likely be logged by the webservers or proxies
that it passes through. POST data is in the body of the HTTP request and
isn't logged. Hidden form input vs. visible input doesn't really matter, as long
as you use POST. Depending on how sensitive the information is and how your
application is designed, you may also want to do application-layer
encryption on the query data. This way, you can protect the information
from being viewed by someone who needs to have access to (or has stolen) the
server's PKI keys, such as a system administrator, but should not be able to
view confidential customer information.
And of course, Ye Olde Secure Sockets Layer.
I hope that helps.
SPI Dynamics, Inc.
----- Original Message -----
From: "Steven Fling" <SFLINGoppenheimerfunds.com>
Sent: Wednesday, July 10, 2002 2:36 PM
Subject: Best Practices for passing data via HTTP
Our application communicates across various application server environments
via HTTP/HTTPS requests (versus RMI, etc.) and needs to pass data/parameters
back and forth. Naturally we use SSL to encrypt the request/response.
I wanted to see if there were any Best Practices established to transfer
data in this fashion. POST vs. GET method, querystring vs. hidden form
Any insight would be appreciated!
Managing Architect - Web Development
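The logging point in the reply above can be checked against a server's own access logs. The following is an added example, not part of the original thread: it scans Common Log Format lines for sensitive parameters that were sent in a GET query string and shows how to redact them. The parameter list and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive (assumed list; adjust per application).
SENSITIVE = {"ssn", "password", "account", "token", "card"}

# Request portion of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not from any real server).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jul/2002:14:36:01 -0500] "GET /transfer?account=12345678&amount=500 HTTP/1.1" 200 512
192.0.2.10 - - [10/Jul/2002:14:36:09 -0500] "POST /transfer HTTP/1.1" 200 512
192.0.2.11 - - [10/Jul/2002:14:37:15 -0500] "GET /search?q=funds&page=2 HTTP/1.1" 200 2048
192.0.2.12 - - [10/Jul/2002:14:38:20 -0500] "GET /login?user=alice&Password=hunter2 HTTP/1.1" 302 0
not a log line
"""

def find_logged_secrets(log_text):
    """Return (line_no, method, path, [param names]) for each request whose
    URL query string carries a sensitive parameter."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or non-request line
        parts = urlsplit(m.group("target"))
        names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        hits = sorted({n.lower() for n in names} & SENSITIVE)
        if hits:
            findings.append((line_no, m.group("method"), parts.path, hits))
    return findings

def redact(line):
    """Return the log line with sensitive query values replaced by REDACTED."""
    pattern = r'(?i)([?&](?:%s)=)[^&\s"]*' % "|".join(sorted(SENSITIVE))
    return re.sub(pattern, lambda m: m.group(1) + "REDACTED", line)

if __name__ == "__main__":
    for finding in find_logged_secrets(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG.splitlines()[0]))
```

The POST to `/transfer` on the second sample line leaves only the path in the log, while the equivalent GET on the first line records the account number.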