Dennis Allison wrote:
The parameters passed by GET and, to a lesser extent, the URLs themselves, represent a security issue in one of our systems.
What does that mean? Why do you think its a security issue?
A partial solution would be to make POST not GET the standard for parameter transmital. Has anyone tried this? I suspect there are all sorts of hidden gotchas.
Using POST to send query params instead of GET is trivial. The only gotchas are that using very few browsers handle redirecting POST transactions correctly. This doesn't have anything to do with security though. -- Jamie Heilman http://audible.transient.net/~jamie/ "...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity..." -Rimmer