POST is more secure than GET for a couple of reasons. GET parameters are passed in the URL. This means that parameters are stored in server logs and browser history. When using GET, it is also very easy to alter the data being submitted to the server, as it is right there in the address bar to play with.

The problem when comparing security between the two is that POST may deter the casual user, but will do nothing to stop someone with malicious intent. It is very easy to fake POST requests, and they shouldn't be trusted outright.

The biggest security issue with GET is not malicious intent of the end-user, but a third party sending a link to the end-user. I cannot email you a link that will force a POST request, but I most certainly can send you a link with a malicious GET request.

I just wanted to mention that you should probably use POST for most of your data. URLs are logged and appear in more places, so GET requests are a little less secure than POST requests. You would only want to use GET for parameters that should be shared with others, e.g. /viewprofile.php?id=1234, /googlemaps.php?lat=xxxxxxx&lon=xxxxxxx