by thephyber 2222 days ago
No. GET params in the URL should not have security-sensitive data; this wasn't always widely known. Even in an HTTPS-everywhere world, there are still security implications.

Early versions of some PHP sites, for example, would pass around auth tokens (think the auth cookie) in a URL. This soon became an obvious problem when users copy-pasted their URLs into forum posts, non-HTTPS URLs were logged by proxies, and web server access logs became gold mines for maybe-still-active sessions.
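
The access-log exposure described in the comment above, as an added example that is not part of the original comment: a Python scrubber that finds session-style parameters in the request target and Referer field of access-log lines and redacts their values before the logs are stored or shared. The parameter-name list, the combined log format and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameter names treated as credentials (assumed list; extend per application).
SENSITIVE = {"phpsessid", "sid", "session", "sessionid", "token", "auth", "access_token", "api_key"}

# Request line of a combined-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')
# Referer is the quoted field that follows the status code and response size.
REFERER_RE = re.compile(r'" \d{3} \S+ "(?P<referer>[^"]*)"')

def redact_url(url):
    """Return (url with credential values replaced, names of the parameters hit)."""
    parts = urlsplit(url)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return url, found  # leave untouched URLs byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scrub_line(line):
    """Redact credentials in the request target and Referer of one log line."""
    hits = []
    def fix(match, group):
        new, found = redact_url(match.group(group))
        hits.extend(found)
        start, end = match.span(group)
        return match.string[match.start():start] + new + match.string[end:match.end()]
    line = REQUEST_RE.sub(lambda m: fix(m, "target"), line, count=1)
    line = REFERER_RE.sub(lambda m: fix(m, "referer"), line, count=1)
    return line, hits

SAMPLE = [  # constructed log lines, not real traffic
    '203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "GET /account.php?PHPSESSID=abc123def456&page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2019:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 1043 "http://forum.example/view.php?token=deadbeef&t=9" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2019:13:56:09 +0000] "GET /style.css?v=3 HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        clean, hits = scrub_line(entry)
        print(("LEAK " + ",".join(hits)) if hits else "ok", "|", clean)
```

Redaction limits what the logs expose after the fact; the token has still crossed every proxy and browser history on the way, so any session value found this way should be invalidated.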