0

The question is related to securely transferring data to a webpage. I need to transfer some data to a webpage/website. Assume that for all the mentioned scenarios, I am using HTTPS as the protocol.

  1. Do I need to append data/Parameter to URL. Do I need to encrypt it so that it does not transmit as plain text?
  2. Do I make a POST request to website and it will return me the rendered HTML page?

Security is the major concern for me and I have to use HTTP or restful web services for the purpose.

4

1 回答 1

0

Query string data will be encrypted, but it will also be visible in the browser address bar and could be logged in browser history. Even if it is a server side request, query string data could be logged in server logs.

Sending the data via POST is preferred - it is not guaranteed to not be logged, but by POSTing the data you are implying that it is used to create a change in state and that it should not be replayed or cached.

于 2013-10-01T10:27:51.583 回答