Hacker News new | ask | show | jobs
by splatcollision 3649 days ago
I knew there was a reason I always prefer POSTing data as opposed to GET query params.

It still gives attackers the knowledge that if they can get access to the logfiles, they can see passwords. Then the problem becomes getting access to the logfiles!

Any leak of relevant information about security is of potential value.
1 comments
developer2 3649 days ago
It's less of a concern about an attacker gaining access to the log files, as it is that passwords should simply not be stored plaintext... anywhere. One doesn't really need to ask "why", it's just good common sense.
link
sigkill 3649 days ago
I might even go as far as saying that passwords should simply not be stored at all anywhere.
link