
> The main point I think is, that GET requests are logged in log files which are usually accessible by more people than the main database.

This is an outright assumption, and it's a bad one.

This is a non-issue, because they do NOT log these requests, and it's https.

So move on, this is just noise.



I don't know where you got the information that they do not log these requests, but it is a good assumption, not a bad one. It would be atypical not to log every https request.


A lot of setups have one machine doing the SSL and then forwarding the requests over HTTP to backend servers which are logging the requests and would include GET parameters in the log file.



