
Re: Global Namespaces



On Sat, 13 Mar 2010, Chris Travers wrote:

On Sat, Mar 13, 2010 at 1:09 PM, Luke <..hidden..> wrote:
On Sat, 13 Mar 2010, Chris Travers wrote:

On Sat, Mar 13, 2010 at 12:12 PM, Luke <..hidden..> wrote:

Furthermore, if we agree that data shouldn't be saved to the db on a
GET request, then the XSRF benefits are the same.

I guess I was thinking more along the lines of packet sniffing and
logging.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3

If you can sniff packets, you can pull POST data out as easily.
Really, that's an argument for using SSL, which we document as
extremely highly recommended.  Logging is discussed more below.

I am assuming SSL. Correct me if I am wrong, but my recollection is that the query string (i.e. GET) is in the clear with SSL, whereas POST data is not.
Do I have a fundamental misunderstanding or massive brain fart here?

Luke
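As an added illustration of the two points the thread is weighing (this is not code from either poster or from any project they work on), a small Python sketch: a state-changing handler that refuses GET and checks a per-session anti-XSRF token on POST, and a helper showing what a typical web-server access log keeps of each request. The token value, form dictionaries and URLs are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed per-session anti-XSRF token; a real app stores it server-side.
SESSION_TOKEN = secrets.token_hex(16)


def access_log_line(method, url):
    """Return what a typical access log records for a request.

    Only the request line (method, path and query string) is written; the
    POST body never is. Anything placed in a GET query string therefore ends
    up in log files regardless of whether the connection itself used SSL.
    """
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f'"{method} {target} HTTP/1.1"'


def handle_state_change(method, form, token_expected=None):
    """Gate an action that writes to the db.

    Returns (status, reason). GET is refused outright, so a plain link or
    image tag can never cause a write; POST must carry the session's token.
    """
    if token_expected is None:
        token_expected = SESSION_TOKEN
    if method != "POST":
        return 405, f"state change refused on {method}"
    supplied = form.get("xsrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(supplied, token_expected):
        return 403, "missing or invalid XSRF token"
    return 200, "saved"
```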