Tyler Close wrote:
>
> This time it really was Ben Laurie who wrote:
> > The secret bits should be conveyed by something other than the URL.
> > For example, POST data in a form, or output from a client-side Java
> > app (also posted).
>
> Why?
Not for any fundamentally good reason: simply because browsers tend to show the URL to people but not POSTed data. Certainly not when it comes from a Java app. For example. So it is a defence against shoulder-surfing.

Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi