Page 14, section 3.3 Security considerations. In addition to the
internet hacker goblin, there are two points of exposure in common
practice where password input (and hidden field data) may be
inadvertantly revealed:
1. The http server log file which logs the GET request
2. The URL display field(s) provided my many user agents
I believe the exposure is sufficiently obvious to not merit elaboration,
but feel free to ask.
Based on those exposures, I propose adding the following to the
end of section 3.3.
Use of the <FORM> METHOD=GET (as well as references to Query URIs)
should be avoided when sensitive information will be included in the
resulting Query URI as that information may be visable when the
requested document is displayed by the user agent. It is typical
for http servers to log GET request URI values which would also
expose the sensitive values if the log file is readible by
unauthorized users.
Information providers should also be aware that some current user
agents ignore the METHOD=POST specification and hence subject
all sensitive information to the above risk.
Dave Morris