Thread: Make Supper Club bookings online !!!
View Single Post
Old 08-25-2007, 12:33 AM zydecocruiser is offline     #11 (permalink)
zydecocruiser
Almighty Cruiser
 
zydecocruiser's Avatar


Join Date: Feb 2006
Posts: 11,032
Frubals:2147483647
zydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond reputezydecocruiser has a reputation beyond repute
Activity:
Today:
Quote:
Originally Posted by Char View Post
The only problem I have with it is that is is not a secure page! You are putting personal info in and it could be "stolen".
A small chance, but not eggzactly how you are thinking.

I perused the code and they are using the post method which is preferred.

<form method="POST" action="http://surv.cheetahmail.com/s" method="POST" name="carn" onsubmit="return checkform();">
<input type="hidden" name="a" value="1">
<input type="hidden" name="n" value="28">
<input type="hidden" name="o" value="1">
<input type="hidden" name="t" value="">
<input type="hidden" name="aid" value="982238741">


-----------------------------------------------------------------

Use POST instead of GET:

HTML forms can be submitted using either GET or POST methods. POST is preferred, especially when sending sensitive information.
The GET method sends all form input to the web application as part of the URL. For example:

http://www.yourdomain.com/cgi-bin/ca...sword=happypup
When the web application is called using GET, the above input is visible on the browser's URL location window. However, a more dangerous problem is that URLs are logged in many places:
  • The web server access log
  • The web browser's disk cache and history file
  • In firewall logs
  • In proxy server and web cache logs such as Squid.
All this logging allows others to see the data sent from HTML forms using GET.
The POST method sends form input in a data stream, not part of the URL. The data is not visible in the browser location window and is not recorded in web server log files.
The POST method is also more practical... there's a limit to how many characters can be sent using the GET method, but POST can send an almost unlimited amount of data from an HTML form.
However, even though POST information is generally not logged, like all other plain text information sent from a browser it can still be sniffed as it passes across the Internet. However, sniffing must be done in real time as information is sent across the Internet and requires the attacker to have physical access to the data lines between the web browser and web server. The risk of information being sniffed is far less than the risk of information being gathered from log files.
My Signature "If cruise lines sold liquor at reasonable prices, they would make more money and my suitcase wouldn't weigh so much."

See my Carnival Splendor B2B2B Inaugural Voyages pics: http://www.zydecocruiser.com/splendor/splendor.htm
Cruise Countdown carnival
Carnival Freedom - Western Caribbean - Nov 30, 2008 in If you can read this, it must be time for me to update again!