I've changed the function preBid() and bid() from GET to POST. Several other changes had been done on the code. I will commit the new file auction.c within the next days.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
That's correct, but none of them passes any private data though the GET request.
Did you verify your patch along the whole bidding process ?
Yes, it did work for me. Even if it doesn't contain private data, everything should still be in https to prevent snooping.
Done ! I will commit the patch within the next days.
Thank you very much for your submission,
This would only be a very first step to get better privacy.
Meanwhile most of the ebay forms are using the "POST" method instead of "GET".
e.g.
https://offer.ebay.com/ws/eBayISAPI.dll?MakeBid&fromPage=pageid&item=itemid&fb=2
all other items (maxbid, quant, ...) are transmitted in the data section.
Just changing from "http" to "https" will not prevent others from reading the data, because they are transmitted via the url-parameters.
I've changed the function preBid() and bid() from GET to POST. Several other changes had been done on the code. I will commit the new file auction.c within the next days.
See committed [16ae50]
Related
Commit: [16ae50]