Geek Answers Handbook

AJAX Security: POST or GET?

As the name may seem, I wonder what is more secure for AJAX requests: POST or GET. I can’t figure out which is better because they are both hidden from the user due to sending URIs. AJAX, not in the URL bar.

Thanks,

James

+4
source share
6 answers

None of these add protection against man-in-the-middle or end-user attacks. Both can be intercepted and modified using Wireshark, Firebug or other tools.

If you need interception protection, you can use HTTPS. This does not prevent the user from sending requests manually.

+4
source

It is almost trivially easy to check the contents of both messages and get the values. Best of all, if you do not want the user to be able to receive this data directly, it is to encrypt it and / or send it via ssl.

+2
source

There are no security differences between POST and GET used in AJAX. They are not hidden from the user - a simple tool such as Fiddler will allow the user to see these requests. the payload in both texts is plain text (i.e. how your script created it). The only difference is that the POST payload is in the request body, and the GET payload is in the URL request parameters.

+2
source

They are not hidden from the user at all; install FireBug on FireFox and they can see the URI. Your choice of using GET and POST depends on the data sent; and if you are going to REST standards, depending on the operation.

Treat the AJAX call, as well as the information received from the client through the form and through the address bar: Check and sanctify.

+1
source

They can view the source of the page and see where your destination URL is and what parameters are passed anyway.

+1
source

More articles:


All Articles