Dave's Brain

Browse - Programming Tips - What's more secure, HTTP's GET or POST?

Date: 2001dec3
Updated: 2017feb9
Platform: web

Q.  What's more secure, HTTP's GET or POST?

A.  They both send the user-entered data as plain text
(unless you are using SSL).

With GET the user sees when he entered (including hidden variables)
in the URL in his browser's address bar.  URLs have a practical
length limit so GET should not be used when there is tons of
data.  Also a messy URL is ugly.
URLs are logged by the webserver so you don't want a password in a URL.

In conclusion: POST is a bit more secure since user input isn't logged
(by the webserver anyhow)

More info
http://0x2fn.blogspot.com/2011/01/lets-end-these-silly-ideas-about-http.html

Add a comment

Sign in to add a comment
Copyright © 2008-2017, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.