Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 3 of 3 total
Thread POST variables
Mon, Dec 11 2017 11:35 AMPermanent Link

erickengelke

Avatar


When I look at Firefox browser debug screens, EWB appears to send
user defined Parameters on the POST command URL like you would in Get.  If I'm
reading this display right, they form part of the URL.

Ideally POST and PUT would send them as part of an uploaded section, like you would with JSON.

Why care?  Most Unix and Windows systems log all complete URLs, so parameters on the URL would cause the log files to include userids and passwords in clear text.

Erick
http://www.erickengelke.com
Mon, Dec 11 2017 1:28 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Erick,

<< When I look at Firefox browser debug screens, EWB appears to send user defined Parameters on the POST command URL like you would in Get.  If I'm reading this display right, they form part of the URL. >>

What context are you referring to ?  EWB *itself* only uses POST requests in two scenarios: debug logging and with databases/datasets for transaction commits, and it only uses URL parameters with the transaction commits if you elect to use URL parameters for authentication information (as opposed to HTTP headers).

Tim Young
Elevate Software
www.elevatesoft.com
Mon, Dec 11 2017 1:44 PMPermanent Link

erickengelke

Avatar

Tim Young [Elevate Software] wrote:
<< When I look at Firefox browser debug screens, EWB appears to send user defined Parameters on the POST command URL like you would in Get.  If I'm reading this display right, they form part of the URL. >>

> What context are you referring to ?  EWB *itself* only uses POST requests in two scenarios: debug logging and with databases/datasets for transaction commits, and it only uses URL parameters with the transaction commits if you elect to use URL parameters for authentication information (as opposed to HTTP headers).

Thanks for the clarification.  I was dealing with legacy REST servers (PHP and Java) and was setting EWB request method to rmPost.  I'll look closer at what I'm doing now.

E
http://www.erickengelke.com
Image