来源 php.net 评论区

-- nucc1

worth clarifying:

POST is not more secure than GET.

The reasons for choosing GET vs POST involve various factors such as intent of the request (are you "submitting" information?), the size of the request (there are limits to how long a URL can be, and GET parameters are sent in the URL), and how easily you want the Action to be shareable -- Example, Google Searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.

Security is only a consideration here due to the fact that a GET is easier to share than a POST. Example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently expose their password.

However, a GET and a POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.

All Forms sent over HTTP (usually port 80) are insecure, and today (2017), there aren't many good reasons for a public website to not be using HTTPS (which is basically HTTP + Transport Layer Security).

As a bonus, if you use TLS  you minimise the risk of your users getting code (ADs) injected into your traffic that

--  Toasty_Pallate

It is worth noting that GET request parameters can be cached while POST request parameters are not. Meaning that if a password is GETted it is stored at various points on the way to the server (Your browser and anyone it's sharing info with, the people manning the firewall at the Org that is receiving the GET, the server logs, etc.)

While it is true that HTTPS encrypts the URL and GET request parameters, nothing guarantees that there is not a Web Application Firewall (that decrypts all traffic going into the Org for inspection) and is logging user info or that one will be implemented in the future at your org. Logs in plain-text are (hopefully) a LOT easier to compromise than a database of hashed passwords.

So if you're managing sensitive information, it's best to use POST.

随机推荐

  1. 通过java调用Http接口上传图片到服务器

    https://blog.csdn.net/jaedons/article/details/78563841 /** * 测试上传png图片 * */ public static void testU ...

  2. [译]Understanding ECMAScript6 迭代器与生成器(未完)

    迭代器在许多编程语言中被作为一种更易处理数据集合的方式被使用.在ECMAScript6中,JavaScript添加了迭代器,将其作为此语言的一个重要特征.当再加上新的方法和新的集合类型(比如集合与映射 ...

  3. Mvc 多级控制器 路由重写 及 多级Views目录 的寻找视图的规则

    1.那么我们再来看我们需要的访问方式,如下图 如果我们要访问Admin下的TestController里面的Index页面,那么我们输入Test/Index,这个肯定不行的.因为TestControl ...

  4. 断言assert用法

    本文转自:http://blog.jobbole.com/76285/ 这个问题是如何在一些场景下使用断言表达式,通常会有人误用它,所以我决定写一篇文章来说明何时使用断言,什么时候不用. 为那些还不清 ...

  5. Vue.js - day7

    使用mui的tab-top-webview-main完成分类滑动栏 兼容问题 和 App.vue 中的 router-link 身上的类名 mui-tab-item 存在兼容性问题,导致tab栏失效, ...

  6. dos命令-环境变量-数据类型-命名规范

    JAVA第一天笔记--dos命令-环境变量-数据类型-命名规范 1.能够阐述JDK和JRE之间区别 JDK(Java Development Kit)是提供给开发人员使用的JAVA开发工具包(java ...

  7. [习题]输入自己的生日(年/月/日)#2 -- 日历(Calendar)控件的时光跳跃,一次跳回五年、十年前?--TodaysDate属性、VisibleDate属性

    原文出處  http://www.dotblogs.com.tw/mis2000lab/archive/2013/06/10/calendar_visibledate_birthday_dropdow ...

  8. cookie安全

    www.baidu.com host 文件 定义 a.baidu.com 为127.0.01 本地编写php程序 读取浏览器发送给 a.baidu.com的cookie 会把 .baidu.com域下 ...

  9. Dijkstra算法——单源最短路算法

    一.介绍 迪杰斯特拉(Dijkstra)算法是典型最短路径算法,用于计算一个节点到其他各个节点的最短路径. 它的主要特点是以起始点为中心向外层层扩展(广度优先搜索思想),直到扩展到终点为止. 适用于有 ...

  10. Web中打印的各种方案参考

    http://blog.csdn.net/chinahuyong/article/details/42527491