Is either GET or POST more secure than the other?

前端 未结 27 2092
没有蜡笔的小新
没有蜡笔的小新 2020-11-22 05:13

When comparing an HTTP GET to an HTTP POST, what are the differences from a security perspective? Is one of the choices inherently more secure than the other? If so, why?

27条回答
  •  有刺的猬
    2020-11-22 06:01

    As far as security, they are inherently the same. While it is true that POST doesn't expose information via the URL, it exposes just as much information as a GET in the actual network communication between the client and server. If you need to pass information that is sensitive, your first line of defense would be to pass it using Secure HTTP.

    GET or query string posts are really good for information required for either bookmarking a particular item, or for assisting in search engine optimization and indexing items.

    POST is good for standard forms used to submit one time data. I wouldn't use GET for posting actual forms, unless maybe in a search form where you want to allow the user to save the query in a bookmark, or something along those lines.

提交回复
热议问题