[Dshield] seems like a flaw in a yahoo url

Tom Laermans tom.laermans at powersource.cx
Fri Apr 23 22:33:57 GMT 2004

On Fri, 2004-04-23 at 15:53, Andy Streule wrote:

> some login systems dont put the login details in a url tho. those
> systems are safer arent they?

No, they aren't.

If you "see" the data in the URL, the page is using the HTTP GET
technique to fill out the form. There is no reason why the
client/script/whatever can not simply use the POST technique (with
"hidden" parameters), that doesn't make it more secure.

PowerSource Network Administrator

More information about the list mailing list