[Dshield] seems like a flaw in a yahoo url
tom.laermans at powersource.cx
Fri Apr 23 22:33:57 GMT 2004
On Fri, 2004-04-23 at 15:53, Andy Streule wrote:
> some login systems dont put the login details in a url tho. those
> systems are safer arent they?
No, they aren't.
If you "see" the data in the URL, the page is using the HTTP GET
technique to fill out the form. There is no reason why the
client/script/whatever can not simply use the POST technique (with
"hidden" parameters), that doesn't make it more secure.
PowerSource Network Administrator
More information about the list