来源 php.net 评论区

-- nucc1

worth clarifying:

POST is not more secure than GET.

The reasons for choosing GET vs POST involve various factors such as intent of the request (are you "submitting" information?), the size of the request (there are limits to how long a URL can be, and GET parameters are sent in the URL), and how easily you want the Action to be shareable -- Example, Google Searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.

Security is only a consideration here due to the fact that a GET is easier to share than a POST. Example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently expose their password.

However, a GET and a POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.

All Forms sent over HTTP (usually port 80) are insecure, and today (2017), there aren't many good reasons for a public website to not be using HTTPS (which is basically HTTP + Transport Layer Security).

As a bonus, if you use TLS  you minimise the risk of your users getting code (ADs) injected into your traffic that

--  Toasty_Pallate

It is worth noting that GET request parameters can be cached while POST request parameters are not. Meaning that if a password is GETted it is stored at various points on the way to the server (Your browser and anyone it's sharing info with, the people manning the firewall at the Org that is receiving the GET, the server logs, etc.)

While it is true that HTTPS encrypts the URL and GET request parameters, nothing guarantees that there is not a Web Application Firewall (that decrypts all traffic going into the Org for inspection) and is logging user info or that one will be implemented in the future at your org. Logs in plain-text are (hopefully) a LOT easier to compromise than a database of hashed passwords.

So if you're managing sensitive information, it's best to use POST.

随机推荐

  1. iReport - 无法正常启动的解决方法

    问题与分析 最近需要用到iReport报表工具,但是在启动客户端时却发现只出现了启动界面,很快就界面消失没反应了.反复打开了好几次客户端,都无法正常打开.问了下同事,说是因为jdk升级的原因,以前项目 ...

  2. 虚拟机无法分配内存 virtual memory exhausted: Cannot allocate memory

    1.内存交换空间(swap)的构建 安装Linux时一定需要的两个分区:根目录和swap(内存交换空间). swap的功能:在应付物理内存不足的情况下所造成的内存扩展记录的功能. 物理内存不足的时候, ...

  3. 090 Subsets II 子集 II

    给定一个可能包含重复整数的列表,返回所有可能的子集(幂集).注意事项:解决方案集不能包含重复的子集.例如,如果 nums = [1,2,2],答案为:[  [2],  [1],  [1,2,2],  ...

  4. 页面在Native端滚动时模拟原生的弹性滚动效果

    width: 100%;overflow: scroll;overflow-y: hidden;-webkit-overflow-scrolling: touch;   ---- 对应的滚动内容内添加 ...

  5. TI德州芯片TLV系列和TPS系列芯片区别(转)

    TLV和TPS一般会有pin to pin的对应型号: 一般来讲,TPS精度.准确度和性能会好一些,所以价钱要贵一些: 对应TLV就是一样可以实现上述功能,但是精度和性能等级是稍微低一点的: 具体选择 ...

  6. kafka系列二:多节点分布式集群搭建

    上一篇分享了单节点伪分布式集群搭建方法,本篇来分享一下多节点分布式集群搭建方法.多节点分布式集群结构如下图所示: 为了方便查阅,本篇将和上一篇一样从零开始一步一步进行集群搭建. 一.安装Jdk 具体安 ...

  7. GIT本地pull远程失败,本地tag与远程仓库不匹配问题

    2019-05-15 问题现象: 1.GIT本地目录无法pull下远程仓库已新增的内容,一直提示Already up to date  2.git log 命令显示没有远端的tag版本 $git lo ...

  8. 初学者应该怎么学习前端?web前端的发展路线大剖析!

    写在最前: 优秀的Web前端开发工程师要在知识体系上既要有广度和深度!应该具备快速学习能力. 前端开发工程师不仅要掌握基本的Web前端开发技术,网站性能优化.SEO和服务器端的基础知识,而且要学会运用 ...

  9. Android笔记--Bitmap

    Android | Bitmap解析 Android中Bitmap是对图像的一种抽象.通过他可以对相应的图像进行剪裁,旋转,压缩,缩放等操作.这里循序渐进的一步步了解Bitmap的相关内容. 先了解B ...

  10. pingall脚本

    p i n g a l l:一个按照/ e t c / h o s t s文件中的条目逐一p i n g所有主机的脚本 它能够按照/ e t c / h o s t s文件中的条目逐一p i n g所 ...