If you're talking about getting user data into a web script, then GET, POST,
and cookies are the only options. All three are insecure, because they're
coming from the user. The user is guilty until proven otherwise. Sanitize
thy input.
Sensitive data like username and password should never be sent by GET, because
GET is bookmarkable while POST is not. GET should be used only for lookup of
data, POST for any modification of data. I generally default to POST unless
I specifically want something to be bookmarkable or copyable into an email to
send to someone.
On Saturday 02 December 2006 10:29, Alain Roger wrote:
> Hi,
>
> Based on phpsec.org documentation it is written ("between lines") that GET
> and POST methods are still used but they are not the most secured (except
> if we take care for that).
> So, i would like to know which other methods are more secured that those 2.
>
> thx.
> Alain
> ------------------------------------
> Windows XP SP2
> PostgreSQL 8.1.4
> Apache 2.0.58
> PHP 5
--
Larry Garfield AIM: LOLG42
larry@xxxxxxxxxxxxxxxx ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
