WebApp Sec mailing list archives
RE: GET and POST Methods Accepted
From: "christopher baus" <christopher () baus net>
Date: Thu, 13 Oct 2005 18:04:22 -0000 (GMT)
Anyway I share this only because the original post seemed to focus on GET vs. POST more than XSS. I restrict GET as much as possible in site development because it can expose the inner workings of the site and secure methodology or not, we all miss something from time to time.
I don't understand this philosophy. If you forget what is visible in the web browser and look at what is put on the wire, which is trivially viewed with packages like ethereal, the only difference between GET and POST requests is that the parameters for GET requests are on the request line and parameters for POST requests are in the body. To me the security implications are practically identical.
Current thread:
- Re: GET and POST Methods Accepted, (continued)
- Re: GET and POST Methods Accepted christopher baus (Oct 13)
- Re: GET and POST Methods Accepted Damien Watson (Oct 13)
- Re: GET and POST Methods Accepted Serg Belokamen (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Amit Klein (AKsecurity) (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Paul Laudanski (Oct 18)
- RE: GET and POST Methods Accepted Derick Anderson (Oct 13)
- RE: GET and POST Methods Accepted christopher baus (Oct 13)
- RE: GET and POST Methods Accepted Joe Teff (Oct 13)
- RE: GET and POST Methods Accepted christopher baus (Oct 13)
- RE: GET and POST Methods Accepted Derick Anderson (Oct 14)