|
|
|
|
|
|
by bp001
6704 days ago
|
|
|
Where it becomes a problem for people who own a website is when this behavior causes additional support calls due to a more informative 404 page being masked. It will likely result in incidences where support staff have a checklist of "do you have the Google Toolbar installed? Uninstall it first." However, I don't imagine there will be a ton of cases like this. I do think it is a mistake that the Google Toolbar enables this by default. Taking this power away from the website owners is not good. And let's be honest, At least 50% of people who have the toolbar installed are not technically savvy and a good portion of them probably didn't even intend to install the software (it was bundled with another download, etc). Also, I don't see a problem with the practice of putting sensitive data in GET variables if the website is protected by SSL - Am I missing something? Edit: Thanks for the reply aaco, those are both valid reasons and I appreciate the insight. |
|
|
GET requests are logged by the web server and in the browser history in plain text, even for SSL requests.
Therefore any server administrator or computer user can have access to those information just reading the server log or the browser history.