POST Method Sensitive data

Hi,

I was reading the following:

"No sensitive data in URL − Never use username, password or session token in URL, these values should be passed to Web Service via POST method."

How does POST protect data?
I was not clear.

Please advise.
gudii9 Asked:
 
Dave Baldwin (Fixer of Problems) Commented:
POST data is not visible in the URL and the way to 'protect' it is to use HTTPS connections.
0
 
ste5an (Senior Developer) Commented:
"No sensitive data in URL − Never use username, password or session token in URL [..]"
Correct, because the URLs or URIs of such requests are more likely to be logged. This would mean that sensitive data gets logged. Even for HTTPS requests, where the entire traffic including the URL is encrypted, the server may need to log at least URIs for logging purposes.

"[..] these values should be passed to Web Service via POST method."
No. It is sufficient to place it in the request body. E.g. as headers. The verb is irrelevant.
0
 
gudii9 (Author) Commented:
"these values should be passed to Web Service via POST method."
"No. It is sufficient to place it in the request body. E.g. as headers. The verb is irrelevant."
If we put it in the body, is it not visible in the URL with GET?

I thought it is sent in the URL unless it is POST.

Are HTTP verbs and REST verbs the same, or is there any difference?
0
 
Dave Baldwin (Fixer of Problems) Commented:
"Are HTTP verbs and REST verbs the same, or is there any difference?"
No, they are the same. REST is done using HTTP connections. The reasons for using POST are that the data is not visible in the address bar and much larger amounts of data can be sent than when using GET. However, the most important 'protection' is to use HTTPS connections so they cannot be read by other people.
0
Question has a verified solution.
