curl-users
Re: curl security
Date: Thu, 8 Jun 2006 16:46:15 -0600
At 22:23 +0000 6/8/06, Joel Keeble wrote:
>when using curl is there any security problem with get compared with post? because a browser is not used.
>
>when a browser is used get will append the submitted info to the end of the url - my theory is no browser no security issue with get. is this correct?
If you're using HTTPS a GET will still be easily recovered by a packet sniffer looking at headers. A POST will be encrypted along with the payload.
If you're poking into sites that are written to be seriously secure when someone else uses a browser to access them you'll find that they require passwords and other PIN numbers to be delivered with a POST.
Are you planning to use the HTTP/HTTPS protocol without benefit of a web server like apache?
-- --> Life begins at ovulation. Ladies should endeavor to get every young life fertilized. <--Received on 2006-06-09