
I knew there was a reason I always prefer POSTing data as opposed to GET query params.

It still gives attackers the knowledge that if they can get access to the logfiles, they can see passwords. Then the problem becomes getting access to the logfiles!

Any leak of relevant information about security is of potential value.



It's less of a concern about an attacker gaining access to the log files than it is that passwords should simply not be stored in plaintext... anywhere. One doesn't really need to ask "why", it's just good common sense.


I might even go as far as saying that passwords should simply not be stored at all anywhere.



