来源 php.net 评论区

-- nucc1

worth clarifying:

POST is not more secure than GET.

The reasons for choosing GET vs POST involve various factors such as intent of the request (are you "submitting" information?), the size of the request (there are limits to how long a URL can be, and GET parameters are sent in the URL), and how easily you want the Action to be shareable -- Example, Google Searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.

Security is only a consideration here due to the fact that a GET is easier to share than a POST. Example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently expose their password.

However, a GET and a POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.

All Forms sent over HTTP (usually port 80) are insecure, and today (2017), there aren't many good reasons for a public website to not be using HTTPS (which is basically HTTP + Transport Layer Security).

As a bonus, if you use TLS  you minimise the risk of your users getting code (ADs) injected into your traffic that

--  Toasty_Pallate

It is worth noting that GET request parameters can be cached while POST request parameters are not. Meaning that if a password is GETted it is stored at various points on the way to the server (Your browser and anyone it's sharing info with, the people manning the firewall at the Org that is receiving the GET, the server logs, etc.)

While it is true that HTTPS encrypts the URL and GET request parameters, nothing guarantees that there is not a Web Application Firewall (that decrypts all traffic going into the Org for inspection) and is logging user info or that one will be implemented in the future at your org. Logs in plain-text are (hopefully) a LOT easier to compromise than a database of hashed passwords.

So if you're managing sensitive information, it's best to use POST.

随机推荐

  1. 统一入口&DB代理思想

    参考 https://mp.weixin.qq.com/s?__biz=MzI4NTA1MDEwNg==&mid=2650764278&idx=2&sn=b7801fb0780 ...

  2. 模拟ssh、黏包、hashlib模块(MD5)

    待补充..... 一.模拟ssh 二.黏包 1.黏包现象 让我们基于tcp先制作一个远程执行命令的程序(命令ls -l ; lllllll ; pwd) res=subprocess.Popen(cm ...

  3. centOS 7联网

    在windows上安装的centOS7虚拟机要联网后才能正常使用,只需这样配置下即可: 打开vim /etc/sysconfig/network-scripts/ifcfg-eno16777736,会 ...

  4. python入门之实例-用户登录、注册

    用户密码存储文件db(其中用户和密码之间用$符合隔开): admin$123456 root$sdfk9f24 chy$654321 代码如下: def login(username,password ...

  5. BS3 多级菜单

    <div class="container"> <div class="row"> <h2>Multi level drop ...

  6. Gin框架body参数获取

    需求: 记录所有请求的json数据 body, _ := ioutil.ReadAll(c.Request.Body) if body != nil { log.Info("请求body内容 ...

  7. JDk安装及环境变量的配置

    一.JDK的安装 1.打开下载好的安装包(我在这里附上一个百度云连接,https://pan.baidu.com/s/1o3nx0kbmecAISeneGqykLQ    提取码:jnw6) 傻瓜式安 ...

  8. [原创] SOAP UI 创建SOAP工程进行接口测试

    下载及安装 1. 登录http://www.soapui.org/ 2. 鼠标移动到导航头的Downloads选项 3. 点击SOAP UI 4. 下载页面 新建项目 创建项目 1. 创建项目很简单. ...

  9. Android学习总结(十四) ———— ListView Item多布局的实现

    一.基本概念 实现一个Item的多布局.像我们经常在用的各种即时通讯工具,QQ.微信等,假设他们的会话界面是ListView实现的,那么ListView就有多种Item布局,要实现ListView里面 ...

  10. (十二)maven之nexus仓库的基本用法

    nexus仓库的基本用法 ① 启动nexus. 上一章有提到:https://www.cnblogs.com/NYfor2018/p/9079068.html ② 访问http://localhost ...