Netscape's use of SSL

Ben Laurie
Sun, 07 Nov 1999 23:26:48 +0000

Tyler Close wrote:
> This time it really was Ben Laurie who wrote:
> > The secret bits should be conveyed by something
> > other than the URL. For
> > example, POST data in a form, or output from a
> > client-side Java app
> > (also posted).
> Why?

Not for any fundamentally good reason: simply because browsers tend to
show the URL to people but not POSTed data. Certainly not when it comes
from a Java app. For example. So it is a defence against




"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi