curl-users
Re: curl security
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 9 Jun 2006 00:51:13 +0200 (CEST)
Date: Fri, 9 Jun 2006 00:51:13 +0200 (CEST)
On Thu, 8 Jun 2006, Doug McNutt wrote:
> If you're using HTTPS a GET will still be easily recovered by a packet
> sniffer looking at headers. A POST will be encrypted along with the payload.
Sorry, but that's not true. There's no difference between a GET and a POST
when it comes to what is encrypted or not on a HTTPS connection. SSL/TLS is
done on the transfer layer.
That's also the reason why you can't use name-based virtual hosting on HTTPS
sites (until TLS 1.1 that is).
-- Commercial curl and libcurl Technical Support: http://haxx.se/curl.htmlReceived on 2006-06-09