Hi.

| Looks like somehow I gave the impression that I think cgi.rb
| should add features simply because PHP has them. Let me try to
| be a bit clearer about why I was mentioning features in both
| PHP and ASP. These are probably the most widely used languages
| designed specifically for Web-based programming. So it would
| seem to me to make pretty good sense to mention the features
| in those languages which are specific to HTTP requests when
| discussing the functionality of Ruby's default Web-based
| programming library.

Yeah, that's what I did, also. :-)

| Actually the query_string var is populated correctly with data
| on a POST -- Originally I was parsing out the variables from
| there, before I decided to have a look at cgi.rb. That's what
| makes it sillier: the data is there -- so why leave those params
| out of the default hash simply because the method was changed
| to POST?  It's like Nigel Tufnel with that Les Paul guitar
| in the Spinal Tap movie -- "Don't even look at it!!!" Would
| you reasonably expect the cookies to vanish because you
| changed the request method? So why should query string data?

I originally asked for separated hashes because, for example, if I have a form
with two input fields called "id" and "password", I'd like to make sure
that they came from a POST (from a FORM), and not from a GET, like:

http://localhost/mypage?id=john&password=doe

It's not impossible to create an automatic word list POSTing script, but
it's easier to make it using the GET way. So a guy could make a huge loop on
your URL till it gets a valid return (or you block its IP or something like
that). So you will not allow the guy to do:

http://localhost/mypage?id=john&password=mary
http://localhost/mypage?id=john&password=password
http://localhost/mypage?id=john&password=catsname

bla bla bla

Using the values from a different POST hash will make sure that it was
POSTed values there. As I said, not impossible to fake, but ...

| I need to stop here, as it's already getting late, and I figure
| I've likely bored/annoyed everyone enough with all this. I would
| love to hear more thoughts on this.

Nah, we're all talking about this, and talking is good. :-)

Best regards,

----------------------------
Eustáquio "TaQ" Rangel
eustaquiorangel / yahoo.com
http://beam.to/taq
GNU/Linux user no. 224050
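
Added example (not part of the original message and not cgi.rb's own code): one way to keep query-string and POST-body parameters in separate hashes, as the reply asks, and to read "id" and "password" only from the POST hash. The names split_params and login_fields and the sample requests are hypothetical and constructed for illustration.

```ruby
require 'uri'

CREDENTIAL_FIELDS = %w[id password].freeze

# Decode an application/x-www-form-urlencoded string into { name => [values] }.
def parse_form(str)
  URI.decode_www_form(str.to_s).each_with_object({}) do |(name, value), h|
    (h[name] ||= []) << value
  end
end

# Keep URL parameters and body parameters apart instead of merging them.
# env is a CGI-style environment hash, body the raw request body.
def split_params(env, body)
  form_post = env['REQUEST_METHOD'] == 'POST' &&
              env['CONTENT_TYPE'].to_s.start_with?('application/x-www-form-urlencoded')
  { get: parse_form(env['QUERY_STRING']), post: form_post ? parse_form(body) : {} }
end

# Hypothetical login check: credentials count only when they arrive in the
# POST body; a credential field anywhere in the URL rejects the request.
def login_fields(env, body)
  params = split_params(env, body)
  unless (params[:get].keys & CREDENTIAL_FIELDS).empty?
    return [:rejected, 'credential field in query string']
  end
  id, password = CREDENTIAL_FIELDS.map { |f| params[:post].fetch(f, []).first }
  return [:rejected, 'id and password must be POSTed'] if id.nil? || password.nil?
  [:ok, { id: id, password: password }]
end

if __FILE__ == $0
  # Constructed sample requests.
  form = 'application/x-www-form-urlencoded'
  p login_fields({ 'REQUEST_METHOD' => 'GET', 'QUERY_STRING' => 'id=john&password=doe' }, '')
  p login_fields({ 'REQUEST_METHOD' => 'POST', 'QUERY_STRING' => 'page=2',
                   'CONTENT_TYPE' => form }, 'id=john&password=doe')
end
```

Separate hashes only tell the handler where a value came from; guessing through scripted POSTs still has to be limited per account or per source address, which is the blocking the message mentions.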