On a site, secured with SSL, are POST and GET also encrypted? The fact that GET is part of the address, is it still encrypted?
On a site, secured with SSL, are POST and GET also encrypted? The fact that GET is part of the address, is it still encrypted?
As you may already know the GET data can be seen in the URL as a query string:
Because the data is appended to the URL, there is a limit to the amount of data you can transfer. Different browsers have different limits, you can theoretically have problems when the data reaches 1 KB to 2 KB.
already POST data is included in the body of the HTTP request and is not visible in the URL. As such, there is no limit to the amount of data you can transfer over POST.
If your HTTP connection is using SSL / TLS, the parameters are also encrypted, but can appear in other places, such as web server logs and theoretically will be accessible to browser plugins and possibly other applications as well.
POST data is encrypted.
The information below I took from this Google discussion: link
Os dados contidos em URL de consulta em uma conexão HTTPS são criptografados. No entanto, é uma prática não recomendada para incluir esses dados sensíveis, como uma senha em um 'GET'. Enquanto ele não pode ser interceptado, os dados seriam logado serverlogs texto plano no servidor HTTPS recebimento, e possivelmente
also in browser history. and probably will also be available for browser plugins, and possibly even other applications on the client computer.
Sempre que possivel use HTTPS POST sobre se você deseja transferir com segurança da informação.
Se você estiver usando uma biblioteca de criptografia para criptografar os dados, em seguida, você pode usar GET ou POST, mas
isso vai ser uma dor adicional e você não pode configurar a
criptografia corretamente, então eu ainda recomendo usar POST através
de HTTPS, em vez de rolar sua própria configuração de criptografia.
Este problema já foi resolvido, não re - inventar a roda.
Another option you may want to consider is to use a secure cookie. A cookie that has the secure flag is only sent through a secure channel, such as HTTPS, and is not sniffable. This is a good way to keep information secure, such as a session ID.