HTTP GET and POST

Both HTTP methods can achieve the same goals, but making the wrong choice between them can lead to unexpected and potentially harmful results.

Basically, GET is used to retrieve remote data, and POST is used to insert or update remote data.
Applications that use the HTTP protocol SHOULD NOT use GET-based forms for the submission of sensitive data, because this causes the data to be encoded in the Request-URI as a query string.

For example, submitting credentials with an HTTP GET request displays the user ID and password in the query string, which was probably not intended:
e.g. GET /login/?username=gokul&password=somevalue

Because query strings are carried openly in the URL of a GET request, we have to consider our security and that of our users when dealing with sensitive data like passwords or credit card numbers.

However, with an HTTP POST request the data is included in the body of the request. The credentials are kept out of the URL and passed in the body of the POST request:

POST /login/
username=gokul&password=somevalue

So, POST should be used for unsafe actions (i.e. inserts and updates).
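
An added example, not code from the original post: a short Python audit of web-server access-log lines that finds requests whose query string carries credential-like parameters and redacts the values. It relies on the fact that an access log records the Request-URI but not the request body; the log lines are constructed and the set of sensitive parameter names is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as sensitive (an assumption; extend for your application).
SENSITIVE = {"password", "passwd", "pwd", "token", "cardnumber"}

# Matches the request line inside a common/combined access-log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login/?username=gokul&password=somevalue HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /login/ HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /search/?q=http+methods HTTP/1.1" 200 2048',
]

def sensitive_params(uri):
    """Return the sorted sensitive parameter names in a Request-URI's query string."""
    query = urlsplit(uri).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)

def redact_uri(uri):
    """Replace the values of sensitive parameters with a fixed marker."""
    parts = urlsplit(uri)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(pairs)).geturl()

def audit(lines):
    """Return (method, redacted_uri, leaked_names) for each request that leaks."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        leaked = sensitive_params(m["uri"])
        if leaked:
            findings.append((m["method"], redact_uri(m["uri"]), leaked))
    return findings

if __name__ == "__main__":
    for method, uri, leaked in audit(SAMPLE_LOG):
        print(f"{method} {uri} exposes {', '.join(leaked)}")
```

Only the GET login is reported; the POST login leaves nothing but its path in the log line.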

So, what are the advantages of using HTTP GET, or why shouldn't we use HTTP POST for safe operations?
GET requests are more usable:

GET requests can be cached.
GET requests can remain in the browser history.
GET requests can be bookmarked.
GET requests can be distributed & shared.

Thanks for reading.

About Gokul Dahal, Nepal

Software Engineer, Freelancer, Design and Develop web applications, Software Developer Nepal, FreeLancer Nepal. Contact: gokuldahal@gmail.com
This entry was posted in ASP.NET.