[UPHPU] receiving with $_REQUEST
Richard K Miller
richardkmiller at gmail.com
Thu Feb 28 16:30:53 MST 2008
On Feb 28, 2008, at 2:57 PM, Ben Reece wrote:
>
>> I agree with this point, the one's that Josh mentioned, and the
>> those covered on DoughBoy's blog (the link phpninja provided)
>> regarding well designed code and personally rarely ever use
>> REQUEST. My sole reason for starting this thread was to inquire
>> about the security side of it.
>>
> The only security concern I have regarding GET vs. POST, is that GET
> is often written to web server logs, where POST is usually not. If
> you're passing anything especially sensitive (e.g. credit card
> numbers), and you're using GET, you may need to make sure you web
> server logs are protected with the same level of security as
> anywhere else that same data is stored.
Good point. Also, in an SSL transaction, POST variables are encrypted
but GET variables are not.
More information about the UPHPU
mailing list