
Re: POST vs. GET



Two people have tried to help you out already and all you can say is "I still
think this and you're wrong" and "I don't care about that".  With this type
of response, you won't get much help in the future.  Chill out.  Thank the
people for generously trying to come to your aid.  You know... honey and 
vinegar?  If you don't want suggestions, don't post.

------------------------------------------------------------------------------
  Kyle Amon    amonk@labyrinth.cftnet.com    http://labyrinth.cftnet.com/kka
------------------------------------------------------------------------------

On Tue, 9 Jan 1996, Antonio Vasconcelos wrote:

> At 09:08 09-01-1996 -0800, Robert S. Muhlestein wrote:
> 
> >> > I'm only asking this because a few days ago I came into a situation where I
> >> > had to use POST. I was happy until then with GET, but GET with TEXTAREA
> >> > fields when going through a TIS firewall looks to be a "no-no".
> >> > I don't know why but everything after the first &0D looks to be truncated
> >> > somewhere on the way to the server. This includes the other lines that may
> >> > exist in the TEXTAREA and _ANY_ other field that may appear after the
> >> > TEXTAREA.
> >
> >This may not have anything to do with the firewall at all.  How 
> >would it, actually?  It could be associated with max size allowed for 
> >QUERY_STRING (the env var used with method=GET). I believe this is why 
> >method=POST is generally preferred for large amounts of data.  Sounds like 
> >your data is simply getting truncated after QUERY_STRING maxes out.
> 
> I don't think so, because if I type "AEIOU" inside the TEXTAREA and _do_not_
> press ENTER it works fine, but if I type "AEIOU"<ENTER> (or even "A"<ENTER>)
> then all the rest is truncated. And, if I'm working with an internal
> server (some type of machine, same operating system, some server software)
> GET works ok.
> I'm sure that there's something wrong with that http-gw.
> 
> >> The only sensitive data implications I'm aware of are from the fact
> >> that the GET URI encoded form data is generally logged in the
> >> various server log files and also often appears in the URL/URI
> >> window of the browser. I've used the term 'sensitive data' because
> >> one can hardly consider a switch to POST 'secure' but data will be
> >> less visible to unexpected observers.
> >
> >True.  Don't forget that QUERY_STRING is visible to anyone with shell
> >access to the web server during the run of the CGI.  (Try a "ps -auxewwwww
> >|fgrep QUERY_STRING" on any web server running frequent CGIs to see what I
> >mean.) I believe this is really the reason POST is preferred.  STDIN is
> >much harder to get at than the environment of the CGI.
> 
> I don't care much about that, 1st I don't have confidential info in this
> machine, 2nd there is no login users (but myself) for me to worry about.
> But, if POST is safer than GET... Well, I switch to POST, no problem.
> regards,
> 
> Antonio Vasconcelos @ The Lisbon $tock Exchange
> ..........................................................
> vasco@bvl.pt, vasco@individual.puug.pt, postmaster@bvl.pt,
> webmaster@bvl.pt, http://www.bvl.pt:8080/~vasco
> ..........................................................
> TEL: +351-1-790-9904            Bolsa de Valores de Lisboa
> FAX: +351-1-795-2026            R. Soeiro Pereira Gomes
>                                 1600 LISBOA
> http://www.bvl.pt/              PORTUGAL
> ..........................................................
>  All opinions are my own, my employer thinks I'm working
> ..........................................................
> 
> 
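
Added example, not part of the original thread or any poster's code: it illustrates the point quoted above that GET form data sits in the CGI's QUERY_STRING environment variable, where other local users can read it, while POST data arrives on STDIN. Assumptions: a Linux host with /proc (the source "ps e" reads from), a stand-in CGI written for this example, a hypothetical helper named observe_cgi, and constructed form data.

```python
import os
import subprocess
import sys

# Stand-in CGI program (hypothetical): announces it is running, then reads the
# form data from QUERY_STRING (GET) or from stdin (POST), as a CGI would.
CGI_SOURCE = r"""
import os, sys
print("ready", flush=True)
body = sys.stdin.read()
print(os.environ.get("QUERY_STRING") or body, end="")
"""

# Constructed sample: a TEXTAREA value containing CR LF, plus a second field.
FORM_DATA = "comment=AEIOU%0D%0Asecond+line&ticket=constructed-1234"


def observe_cgi(method, form_data=FORM_DATA):
    """Run the stand-in CGI and report what its environment block reveals."""
    env = dict(os.environ)
    env.pop("QUERY_STRING", None)
    env["REQUEST_METHOD"] = method
    if method == "GET":
        env["QUERY_STRING"] = form_data      # GET: data travels in the environment
        body = b""
    else:
        env["CONTENT_LENGTH"] = str(len(form_data))
        body = form_data.encode()            # POST: data travels on stdin

    proc = subprocess.Popen([sys.executable, "-c", CGI_SOURCE], env=env,
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    proc.stdout.readline()  # wait for "ready": the CGI is now mid-run
    # The same data "ps e" displays: the process's initial environment block.
    with open(f"/proc/{proc.pid}/environ", "rb") as fh:
        environ_block = fh.read()
    out, _ = proc.communicate(input=body)
    return {
        "visible_in_environ": form_data.encode() in environ_block,
        "received_by_cgi": out.decode() == form_data,
    }


if __name__ == "__main__":
    for method in ("GET", "POST"):
        print(method, observe_cgi(method))
```

Both methods deliver the same data to the program; only the GET run leaves it readable in the process environment for the lifetime of the CGI.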

