On Sun, Feb 19, 2012 at 4:59 AM, Ken Gilmour <ken.gilmour@gmail.com> wrote:
What happens when the client sends a POST from a cached page on the end user's machine? E.g. if they post login credentials. Of course, they'll get the error page, but then you have confidential data in your logs and now you have to protect highly confidential info, at least if you're in europe.
Either you don't log the data on the webserver, or you notify the user that the POST form data has now been posted, and display the link to the public web page where their posted data now appears, on the error page. Once your user has shared "confidential" information unsolicited with an unknown third party, and the general public, the information's confidentiality was spoiled by the act of posting, regardless of the content of the information -- -JH