Re: POST vs. GET

• To: www-security@ns2.rutgers.edu
• Subject: Re: POST vs. GET
• From: "Ricky G. LeMarr" <rlemarr@promus.com>
• Date: Thu, 11 Jan 1996 15:54:35 -0600 (CST)
• In-Reply-To: <Pine.SUN.3.90.960109003155.27567B-100000@jobe.shell.portal.com> from "David W. Morris" at Jan 9, 96 00:36:45 am
• Reply-to: rlemarr@stargate.promus.com

David W. Morris writes:
> 
> 
> On Mon, 8 Jan 1996, Antonio Vasconcelos wrote:
> 

[ SNIP, SNIP ]

> > Ok, so my question is somewhat basic, but I couldn't find an answer by myself.
> > 
> > >From a security point of view, is there any reason to use METHOD=GET instead
> > of METHOD=POST when submiting forms ?
> > 
> > I'm only asking this because a few days ago I come into a situation where I
> > had to use POST. I were happy until then with GET, but GET with TEXTAREA
> > fields when going through a TIS firewall looks to be a "no-no".
> 

[ SNIP, SNIP ]

> Secondly, there are apparently some browsers and also firewall 
> proxies or whatever which significantly limit the length of
> the URI.  Base  on STML limits associated with HTML are are
> element attribute value length limits. 
> 

I can confirm this.  It happens to our site using the HP Raptor firewall.

Rick LeMarr

• Re: POST vs. GET
• From: "David W. Morris" <dwm@shell.portal.com>

• Previous: Looking for sources on agent security
• Next: Re: Looking for sources on a
• Index(es):
  • Index
  • Thread