OSEC

From: Daniel Hedrick (daniel_at_hedrick.org)
Date: Wed Jul 10 2002 - 17:18:24 CDT

    Steve,

    You've seen lots of information from many people about the security
    of GET versus POST and the merits and drawbacks of using either.

    Just as another data point, here is a very handy rule of thumb
    that I use:

    GET is for getting data. Use it for intransient queries.

    POST is for posting data. Use it for transient application info.

    IOW, searches and queries that don't have application-specific
    relevance can be a good place to use GET. If your user is interacting
    with the application, it's generally okay to use POST.

    I think a previous poster pointed out that you can allow a user to use
    GET any time you think it'd be okay for them to bookmark a page.

    -daniel

    On Wednesday, July 10, 2002, at 01:36 PM, Steven Fling wrote:

    > Our application communicates across various application server
    > environments via HTTP/HTTPS requests (versus RMI, etc.) and needs to
    > pass data/parameters back and forth. Naturally we use SSL to encrypt
    > the request/response.
    >
    > I wanted to see if there were any Best Practices established to
    > transfer data in this fashion. POST vs. GET method, querystring vs.
    > hidden form variable, etc.
    >
    > Any insight would be appreciated!
    >
    > ____________________________________
    > Steve Fling
    > Managing Architect - Web Development
    > OppenheimerFunds, Inc.
    > sflingoppenheimerfunds.com
    > Office: 303.768.3200
    > FAX: 303.768.1096
    > http://www.oppenheimerfunds.com
    > ____________________________________
    >
    >
    > This electronic mail transmission may contain confidential information
    > and is intended only for the person(s) named. Any use, copying or
    > disclosure by any other person is strictly prohibited. If you have
    > received this transmission in error, please notify the sender via
    > e-mail.
    >
    >
    -daniel
    danielhedrick.org
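
The bookmark test from the reply above, turned into an access-log audit. This is an added example, not part of the original thread: it flags GET requests whose query string carries parameters you would not want bookmarked. The parameter-name list and the log lines are constructed assumptions; SSL protects the query string in transit, but the server still writes the full request line to its access log.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameter names that carry transient application data
# (not something a user should be able to bookmark). Adjust per application.
SENSITIVE = {"password", "passwd", "token", "sessionid", "ssn", "account", "amount"}

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def audit_line(line):
    """Return the sorted sensitive parameter names found in a GET query string."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return []  # POST bodies are normally not written to the access log
    query = urlsplit(m.group("target")).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)

def audit_log(lines):
    """Return (line_number, flagged_names) for every GET that fails the bookmark test."""
    findings = []
    for n, line in enumerate(lines, start=1):
        flagged = audit_line(line)
        if flagged:
            findings.append((n, flagged))
    return findings

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2002:17:18:24 -0500] "GET /search?q=mutual+funds&page=2 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Jul/2002:17:19:02 -0500] "GET /transfer?account=12345&amount=500&SessionID=abc HTTP/1.1" 200 812',
    '192.0.2.11 - - [10/Jul/2002:17:19:40 -0500] "POST /transfer HTTP/1.1" 200 812',
    '192.0.2.12 - - [10/Jul/2002:17:20:05 -0500] "GET /login?user=steve&password=hunter2 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for lineno, names in audit_log(SAMPLE_LOG):
        print(f"line {lineno}: GET carries {', '.join(names)}")
```

The search request passes because it is a query a user could reasonably bookmark; the transfer and login requests are the ones to move to POST.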