来源 php.net 评论区

-- nucc1

worth clarifying:

POST is not more secure than GET.

The reasons for choosing GET vs POST involve various factors such as intent of the request (are you "submitting" information?), the size of the request (there are limits to how long a URL can be, and GET parameters are sent in the URL), and how easily you want the Action to be shareable -- Example, Google Searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.

Security is only a consideration here due to the fact that a GET is easier to share than a POST. Example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently expose their password.

However, a GET and a POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.

All Forms sent over HTTP (usually port 80) are insecure, and today (2017), there aren't many good reasons for a public website to not be using HTTPS (which is basically HTTP + Transport Layer Security).

As a bonus, if you use TLS  you minimise the risk of your users getting code (ADs) injected into your traffic that

--  Toasty_Pallate

It is worth noting that GET request parameters can be cached while POST request parameters are not. Meaning that if a password is GETted it is stored at various points on the way to the server (Your browser and anyone it's sharing info with, the people manning the firewall at the Org that is receiving the GET, the server logs, etc.)

While it is true that HTTPS encrypts the URL and GET request parameters, nothing guarantees that there is not a Web Application Firewall (that decrypts all traffic going into the Org for inspection) and is logging user info or that one will be implemented in the future at your org. Logs in plain-text are (hopefully) a LOT easier to compromise than a database of hashed passwords.

So if you're managing sensitive information, it's best to use POST.

随机推荐

  1. iphone、ipad等网页中电话号码呈蓝色的解决方案

    iPhone手机.ipad上的浏览器(如Safari),在解析网页的时候会自动给 像是电话号码的数字 加上link样式,所以号码呈蓝色. 可以添加下面的meta禁用掉这个功能. <meta na ...

  2. redis集群模式

    1 弊端和优势 弊端:相比单机模式,集群模式会在节点之间同步数据,会降低20%-30%的性能,同时增加架构复杂性,提高硬件成本和学习成本. 优势:增加冗余,避免单点故障.单机模式如果要重启,必然会丢失 ...

  3. Python 杂集

    Python字符串方法 Python递归和迭代 Python判断字符串编码以及编码的转换 exec 和 eval

  4. GYM 101673F(树计数)

    树上每个割点计算一下各个size的组合相乘再相加为第一问答案,取最大的:再把本答案中最大的两个size相乘减掉,为第二问答案. const int maxn = 1e4 + 5; int n, siz ...

  5. 2017"百度之星"程序设计大赛 - 资格赛 度度熊的王国战略

    度度熊的王国战略 度度熊国王率领着喵哈哈族的勇士,准备进攻哗啦啦族. 哗啦啦族是一个强悍的民族,里面有充满智慧的谋士,拥有无穷力量的战士. 所以这一场战争,将会十分艰难. 为了更好的进攻哗啦啦族,度度 ...

  6. C8051系列

    C8051F500处理器按AEC-Q100测试标准设计具有寛工作电压(1.8~5.5V).寛工作温度范围(-40~125).抗干扰能力强并内置CAN2.0B及LIN2.1总线控制器,非常适合汽车电子及 ...

  7. SSAS中处理时经常出现的几种错误

    1.[重复属性键的错误]"处理时找到重复的属性键"   当在[属性关系]里指定属性关系后,   就出出现此错误,因为不知道Month值“1”,并不知道是属于哪一年的,   所以需要 ...

  8. Java编程基础-异常

    一.异常 1.什么是异常 在java中,程序在运行时出现的不正常情况称为异常,以异常类的形式对这些非正常情况进行封装,通过异常处理机制对程序运行时发生的各种问题进行处理.其实就是java对不正常情况进 ...

  9. iOS 通知、本地通知和推送通知有什么区别? APNS机制。

    本地/推送通知为不同的需要而设计.本地通知对于iPhone,iPad或iPod来说是本地的.而推送通知——来自于设备外部.它们来自远程服务器——也叫做远程通知——推送给设备上的应用程序(使用APNs) ...

  10. NumPy库的基本使用

    一.介绍 ——NumPy库是高性能科学计算和数据分析的基础包,它是Pandas及其它各种工具的基础 ——NumPy里的ndarry多维数组对象,与列表的区别是: - 数组对象内的元素类型必须一样 - ...