"Diez B. Roggisch" <[email protected]> writes: > Also, your claim of it being more risky is simply nonsense. GET is a > tiny bit more prone to tinkering by the average user. But calling this > less risky is promoting security by obscurity, at most.
GET parameters also tend to get recorded in the http logs of web proxies and web servers while POST parameters usually aren't. This was an annoyance in a web chat package I fooled with for a while. Because the package sent user messages by GET, if I ran the software the way the developers set it up, the contents of all the user conversations stayed in my server logs. I was unable to convince the chat package maintainers that this was a bug. I ended up doing some fairly kludgy hack to prevent the logging. -- http://mail.python.org/mailman/listinfo/python-list
