[PHP] GET vs. POST comparison
Source: php.net comments section
-- nucc1
Worth clarifying:
POST is not more secure than GET.
The reasons for choosing GET vs POST involve various factors such as intent of the request (are you "submitting" information?), the size of the request (there are limits to how long a URL can be, and GET parameters are sent in the URL), and how easily you want the Action to be shareable -- Example, Google Searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.
Security is only a consideration here due to the fact that a GET is easier to share than a POST. Example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently expose their password.
However, a GET and a POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.
All Forms sent over HTTP (usually port 80) are insecure, and today (2017), there aren't many good reasons for a public website to not be using HTTPS (which is basically HTTP + Transport Layer Security).
As a bonus, if you use TLS you minimise the risk of your users getting code (ADs) injected into your traffic that
-- Toasty_Pallate
It is worth noting that GET request parameters can be cached while POST request parameters are not. Meaning that if a password is GETted it is stored at various points on the way to the server (Your browser and anyone it's sharing info with, the people manning the firewall at the Org that is receiving the GET, the server logs, etc.)
While it is true that HTTPS encrypts the URL and GET request parameters, nothing guarantees that there is not a Web Application Firewall (that decrypts all traffic going into the Org for inspection) and is logging user info or that one will be implemented in the future at your org. Logs in plain-text are (hopefully) a LOT easier to compromise than a database of hashed passwords.
So if you're managing sensitive information, it's best to use POST.