Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts

Guest Post - Https Data Exposure - Get Vs Post

Started by bspirovski , Nov 19 2009 08:15 AM

Please log in to reply

1 reply to this topic

#1 bspirovski

Specialist

Sergeant Major
118 posts

Posted 19 November 2009 - 08:15 AM

Here is a quick chart showing the data exposure when considering GET vs POST and also HTTP vs HTTPS.

URL arguments refer to arguments in the URL for GET or POST (e.g. foo.com?arg1=something).
Body arguments refer to data communicated via POST paramaters in the HTTP request body.

NOTE: This chart does not address client side caching of temporary files. Caching is a separate issue from the protocol selection and should be addressed with appropriate cache-control headers.

A quick conclusion: The secure choice for transmission of any sensitive data is to use POST statements over SSL/TLS. Any other option will expose data at some point in the communication.

Full post
http://www.shortinfo...et-vs-post.html

Bozidar Spirovski
http://www.shortinfosec.net