cURL / Mailing Lists / curl-users / Single Mail


Re: curl security

From: Doug McNutt <>
Date: Thu, 8 Jun 2006 16:46:15 -0600

At 22:23 +0000 6/8/06, Joel Keeble wrote:
>when using curl is there any security problem with get compared with post? because a browser is not used.
>when a browser is used get will append the submitted info to the end of the url - my theory is no browser no security issue with get. is this correct?

If you're using HTTPS a GET will still be easily recovered by a packet sniffer looking at headers. A POST will be encrypted along with the payload.

If you're poking into sites that are written to be seriously secure when someone else uses a browser to access them you'll find that they require passwords and other PIN numbers to be delivered with a POST.

Are you planning to use the HTTP/HTTPS protocol without benefit of a web server like apache?

--> Life begins at ovulation. Ladies should endeavor to get every young life fertilized. <--
Received on 2006-06-09