POST Method Sensitive data

hi,

I was reading as below

No sensitive data in URL − Never use username, password or session token in URL , these values should be passed to Web Service via POST method.

how POST protect data?
i was not clear.

please advise
LVL 7
gudii9Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
POST data is not visible in the URL and the way to 'protect' it is to use HTTPS connections.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ste5anSenior DeveloperCommented:
No sensitive data in URL − Never use username, password or session token in URL [..]
Correct, cause URL or URIs of such a request are more likely to be logged. Thus would mean that sensitive data gets logged. Even for HTTPS requests where the entire traffic including the URL is encrypted, the server may need to log at least URIs for logging purposes.

[..] these values should be passed to Web Service via POST method.
No. It is sufficient to place it in the request body. E.g. as headers. The verb is irrelevant.
0
gudii9Author Commented:
these values should be passed to Web Service via POST method.
No. It is sufficient to place it in the request body. E.g. as headers. The verb is irrelevant.
if we put in body is it not visible in URL with GET

I thought it sends in URL unless it is POST

http verbs and rest verbs are same or any difference is there?
0
Dave BaldwinFixer of ProblemsCommented:
http verbs and rest verbs are same or any difference is there?
No, they are the same.  REST is done using HTTP connections.  The reasons for using POST is that the data is not visible in the address bar and much larger amounts of data can be sent than when using GET.  However, the most important 'protection' is to use HTTPS connections so they can not be read by other people.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Programming

From novice to tech pro — start learning today.