Re: [Cppcms-users] query string
From: kpeo <sla...@ya...> - 2015-09-30 15:48:56
<div>From my point of view, security is not only about the data transferred between the client and server.<br />The browser can store the URL with the requested data in its history / cache. Or the URL can be stored in the clipboard, etc.<br /><span lang="en">These data may not contain confidential data, but may contain some personal information. So GET increases the risks.</span></div><div><br />Best regards,<br />kpeo<br /><br />30.09.2015, 18:24, "Joerg Sonnenberger" <jo...@br...>:</div><blockquote type="cite"><p>On Wed, Sep 30, 2015 at 12:02:21PM +0300, kpeo wrote:</p><blockquote> And GET is less secure than POST, because it exposes the information via the<br /> URL.</blockquote><p><br />Please don't repeat such nonsense. Both data sets can be easily forged.<br />Correctly written GET request handlers are secure simply because they do<br />not change any state. If they do, they are violating the RFCs badly.<br /><br /></p><blockquote> Next, sometimes I use an identifier / name of a field in the query<br /> string &amp;data[x][name]=value<br /> Is it converted to an array like the PHP POST method does, or must we loop manually<br /> using request().get("data[x][name]")?</blockquote><p><br />There is no further deserialization going on; think of it as a string to<br />string map. If you need something more complex, it is often easiest to<br />hook up the JSON parser.<br /><br />Joerg</p></blockquote>
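Added example, not part of the thread and not CppCMS code: one way to do the manual grouping the reply implies, turning flat `data[x][name]` keys into rows while rejecting malformed or overly deep keys. The `std::multimap` stands in for the flat string-to-string map, keys are assumed to be URL-decoded already, and `split_key`, `collect_rows` and `sample_query` are hypothetical names.

```cpp
#include <map>
#include <string>
#include <vector>

using Flat = std::multimap<std::string, std::string>;  // flat key -> value pairs
using Rows = std::map<std::string, std::map<std::string, std::string>>;

// Split an already URL-decoded key such as "data[x][name]" into
// {"data","x","name"}. Returns false for malformed keys or keys nested deeper
// than max_depth, so hostile input cannot build arbitrarily deep structures.
// The PHP-style append form "data[]" is treated as malformed here.
bool split_key(const std::string &key, std::vector<std::string> &parts,
               std::size_t max_depth = 4) {
    parts.clear();
    std::size_t open = key.find('[');
    std::string base = key.substr(0, open);
    if (base.empty() || base.find(']') != std::string::npos) return false;
    parts.push_back(base);
    while (open != std::string::npos && open < key.size()) {
        std::size_t close = key.find(']', open);
        if (key[open] != '[' || close == std::string::npos) return false;
        std::string seg = key.substr(open + 1, close - open - 1);
        if (seg.empty() || seg.find('[') != std::string::npos) return false;
        parts.push_back(seg);
        if (parts.size() > max_depth) return false;
        open = close + 1;
    }
    return true;
}

// Group keys shaped exactly root[x][field] into rows[x][field] = value.
// Anything else is skipped; on duplicate keys the first value is kept.
Rows collect_rows(const Flat &params, const std::string &root) {
    Rows rows;
    std::vector<std::string> parts;
    for (const auto &kv : params) {
        if (!split_key(kv.first, parts) || parts.size() != 3 || parts[0] != root)
            continue;
        rows[parts[1]].emplace(parts[2], kv.second);
    }
    return rows;
}

// Constructed sample input, not taken from the thread.
Flat sample_query() {
    return Flat{{"data[1][name]", "alice"}, {"data[1][mail]", "a@example.org"},
                {"data[2][name]", "bob"},   {"data[2][name]", "mallory"},
                {"data[3][name", "broken"}, {"page", "2"}};
}
```

Skipping unparseable keys instead of guessing at their structure keeps the handler's view of the input predictable; field values still need their own validation.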