If your form is a post, the values should not appear on the URL.
However, sending them as a post doesn't make them any more secure than a get, just because they are not on the URL. They are still sent as plain text in the request body.
If you are concerned with security, you need to use SSL to encrypt the data during transmission.
Joined: Aug 15, 2006
Thank You for the information.
But is there any way to stop treating request parameters as form parameters when I forecully send parameters through request url.
I want to prevent/stop login successful when doing this
https://xyz/logon.do?username=devuser&password=devpwd Is there any hack or a real solution for this?