来源 php.net 评论区

-- nucc1

worth clarifying:

POST is not more secure than GET.

The reasons for choosing GET vs POST involve various factors such as intent of the request (are you "submitting" information?), the size of the request (there are limits to how long a URL can be, and GET parameters are sent in the URL), and how easily you want the Action to be shareable -- Example, Google Searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.

Security is only a consideration here due to the fact that a GET is easier to share than a POST. Example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently expose their password.

However, a GET and a POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.

All Forms sent over HTTP (usually port 80) are insecure, and today (2017), there aren't many good reasons for a public website to not be using HTTPS (which is basically HTTP + Transport Layer Security).

As a bonus, if you use TLS  you minimise the risk of your users getting code (ADs) injected into your traffic that

--  Toasty_Pallate

It is worth noting that GET request parameters can be cached while POST request parameters are not. Meaning that if a password is GETted it is stored at various points on the way to the server (Your browser and anyone it's sharing info with, the people manning the firewall at the Org that is receiving the GET, the server logs, etc.)

While it is true that HTTPS encrypts the URL and GET request parameters, nothing guarantees that there is not a Web Application Firewall (that decrypts all traffic going into the Org for inspection) and is logging user info or that one will be implemented in the future at your org. Logs in plain-text are (hopefully) a LOT easier to compromise than a database of hashed passwords.

So if you're managing sensitive information, it's best to use POST.

随机推荐

  1. For循环执行AFNetworking请求

    屏幕快照 2017-12-19 下午1.46.25.png 需求:如下操作打印的文档为 NSLog(@"开始");for(NSIntegeri =0; i <5; i++) ...

  2. [coci2015-2016 coii] Palinilap【字符串 哈希】

    传送门:http://www.hsin.hr/coci/archive/2015_2016/ 进去之后点底下的那个.顺带说一句,题目既不是一个英文单词,也不是克罗地亚单词,估计只是从回文串的英文单词p ...

  3. 洛谷 P1042 乒乓球

    P1042 乒乓球 var s:string; a1:array[1..50000] of char; i,n,x,y:longint; procedure f1; begin while not e ...

  4. opencart 安装

    1:安装 php5    apache2  mysql 2:下载opencart wget https://github.com/opencart/opencart/archive/master.zi ...

  5. (转)Quirks模式与standards模式区别

    建议:不推荐使用Quirks Mode. Quirks Mode中发生了什么?Quirks Mode是一种浏览器(像IE,Firefox,Opera)操作模式.从根本上说,怪异模式(也称之为兼容模式) ...

  6. Semi-prime H-numbers

    题目描述形如4n+1的数被称为“H数”,乘法在“H数”集合内为封闭的.因数只有1和本身的数叫“H素数”(不包括1),其余叫“H合数”.一个“H合成数”能且只能分解为两个“H素数”.求0·h内的“H合成 ...

  7. bootstrap输入框组、导航和导航条

    输入框组(input groups) 避免使用select  支持不好,使用输入框组 尺寸根据  input-group-lg    input-group-sm来选择   <div class ...

  8. bmp图像文件格式说明

    bmp图片文件包含4个部分数据,位图文件头,位图信息头,颜色表和位图数据(即RGB值). 在看位图格式之前先看一个问题,如果每个像素都用前面的24位色去表示,那么一个像素值需要3个字节数据,24位色也 ...

  9. mysql> set sql_mode='no_auto_value_on_zero';

    mysql> set sql_mode='no_auto_value_on_zero';

  10. 你不知道的HTTP之HTTPS

    确保web安全的HTTPS HTTPS=HTTP+ 加密 + 认证 + 完整性保护 1.加密: 1)通信的加密 所谓互联网,是由能连通到全世界的网络组成的.无论世界哪个角 落的服务器在和客户端通信时, ...