[Catalog-sig] UPDATE: PyPI - Python Package Index
Paul Prescod
paul@prescod.net
Fri, 08 Nov 2002 15:51:04 -0800
Thomas Heller wrote:
> Richard, a small additional thing:
>
> You always seem to do GET requests.
>
> This means, for requesting a login, the initial password
> is part of the URL, and chances are high, that this URL will show up
> in someone's referrer logs. Not nice, IMO.
>
> I probably don't know the rules completely, but this is what I do,
> and it makes sense to me:
>
> - When a request changes something on the server, do a POST.
>
> - When an URL searches for something, do a GET, so that I can bookmark
> it.
Those rules are quite right and according to the HTTP specification.
> - Otherwise, decide from case to case.
There are very few other cases.
Also, HTTP has a way of doing username and passwords so there should
seldom be a requirement to pass them as data instead of in the protocol
headers.
Paul Prescod