[PHP] Comparing GET and POST
Source: php.net comments section
-- nucc1
worth clarifying:
POST is not more secure than GET.
The reasons for choosing GET vs POST involve various factors such as intent of the request (are you "submitting" information?), the size of the request (there are limits to how long a URL can be, and GET parameters are sent in the URL), and how easily you want the Action to be shareable -- Example, Google Searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.
Security is only a consideration here due to the fact that a GET is easier to share than a POST. Example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently expose their password.
However, a GET and a POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.
All Forms sent over HTTP (usually port 80) are insecure, and today (2017), there aren't many good reasons for a public website to not be using HTTPS (which is basically HTTP + Transport Layer Security).
As a bonus, if you use TLS you minimise the risk of your users getting code (ADs) injected into your traffic that
-- Toasty_Pallate
It is worth noting that GET request parameters can be cached while POST request parameters are not. Meaning that if a password is GETted it is stored at various points on the way to the server (Your browser and anyone it's sharing info with, the people manning the firewall at the Org that is receiving the GET, the server logs, etc.)
While it is true that HTTPS encrypts the URL and GET request parameters, nothing guarantees that there is not a Web Application Firewall (that decrypts all traffic going into the Org for inspection) and is logging user info or that one will be implemented in the future at your org. Logs in plain-text are (hopefully) a LOT easier to compromise than a database of hashed passwords.
So if you're managing sensitive information, it's best to use POST.