Passing parameters in URL

Paul Rubin no.email at nospam.invalid
Wed Feb 3 23:35:39 CET 2010


"Diez B. Roggisch" <deets at nospam.web.de> writes:
> If somebody happens to have access to a proxy & it's logs, he can as
> well log the request body.

I'm not talking about a malicious server operator.  In this situation, I
was the server operator and I didn't want to be recording the
conversations.  I had to go out of my way to stop the recording.  SSL
doesn't help and in fact I was using it, but web server logging happens
after the SSL layer.  I suppose SSL would help against a malicious
proxy.

Many people back in those days (before AJAX became a buzzword du jour)
wanted to do encryption on the client in java or javascript, but that
was almost unworkably kludgy, and SSL was the only approach that made
any sense.  It might be easier now that the javascript API's are richer
and the interpreters are faster.



More information about the Python-list mailing list