The Movie Database Support

I've been reading the API documentation and note that the validate_with_login method is a GET operation. You have already documented how this would send the username and password in the plain, so do not recommend its use. However, if you allowed the username and password fields to be passed in a POST, implementors could opt to use the HTTPS interface to reduce the exposure.

I know that the TLS/SSL session covers the connection to the server, before the query is sent, so the data is not necessarily sent in the plain, but outbound logging by the user agent is more likely to include the query than the postdata.

Is there any reason you elected to go with a GET, rather than a POST here?

1 reply (on page 1 of 1)

Jump to last post

Hi jimbobmcgee,

There's no reason in particular, just lack of a request. I've created a new ticket for this here, and will look at it when I have some time. It's pretty straightforward to add so I'll try to get to it sooner than later.

Cheers.

Can't find a movie or TV show? Login to create it.

Global

s focus the search bar
p open profile menu
esc close an open window
? open keyboard shortcut window

On media pages

b go back (or to parent when applicable)
e go to edit page

On TV season pages

(right arrow) go to next season
(left arrow) go to previous season

On TV episode pages

(right arrow) go to next episode
(left arrow) go to previous episode

On all image pages

a open add image window

On all edit pages

t open translation selector
ctrl+ s submit form

On discussion pages

n create new discussion
w toggle watching status
p toggle public/private
c toggle close/open
a open activity
r reply to discussion
l go to last reply
ctrl+ enter submit your message
(right arrow) next page
(left arrow) previous page

Want to rate or add this item to a list?

Login