Reputation: 739
with https are GET requests less secure than Post Requests
As the title says. Should you pass an authentication token in the url of a GET request? What about man-in-the-middle attacks? Or Packet sniffing? All including the requests being wrapped with HTTPS
Upvotes: 0
Views: 39
Answers (1)
Reputation: 4044
When you use https GET and POST are equally secure for man-in-the-middle attacks as the payload is encrypted and nobody except the receiver with the private key can see the data.
Using GET the urls visited are stored in the browser history and can also be shared (accidentally) with other pople (see also Session Hijacking). So I would not pass auth information as query parameter but use http header cookies or something wich is not stored in the browsers history. If you have to do it you should be sure that the auth information invalidated after some time.
Upvotes: 1
Related Questions
- What is the difference between a HTTP-Get and HTTP-POST and why is HTTP-POST weaker in terms of security
- Is either GET or POST more secure than the other?
- What is the difference between GET/POST in HTTP or HTTPS requests?
- Is GET data also encrypted in HTTPS?
- What is the difference between GET and POST encryption?
- Sending passwords over HTTPS: GET vs POST
- Security implications of posting an HTTPS GET request with sensitive data
- Is an attacker able to sniff the GET request string, if https is being used
- Sanity Check: SSL+ POST vs. un-encrypted GET
- Is it any safer to use POST instead of GET?