4 Feb
2004
4 Feb
'04
4:09 p.m.
The parameters passed by GET and, to a lesser extent, the URLs themselves, represent a security issue in one of our systems. One solution, which we tied and have had to back-off from, is to configure the browser window to simply not display the URL and Status lines. The problem there is that the pop-up blockers (now becoming common) interfere. Another, no longer available )-: , would be to exploit the URL hack that MS has just release an IE patch to fix. A partial solution would be to make POST not GET the standard for parameter transmital. Has anyone tried this? I suspect there are all sorts of hidden gotchas. Suggestions?