通过GET或POST传递密码的最佳方法 [英] Best way to pass a password via GET or POST

问题描述

我做了一个简单的登录表单，但是令我烦恼的是，如果您查看请求(它是ajax)，则可以看到用户密码，即?user = Bob& pass = secret

I have made a simple login form, but what is bugging me is that if you view the request (it's ajax), you can see the users password i.e. ?user=Bob&pass=secret

这是根本不用担心的事情吗，或者我做错了吗?我想不出解决办法.

Is this something not to worry about at all or am I doing it wrong? I can't think of a way around this.

推荐答案

始终使用HTTPS，并且始终选择POST.GET方法将允许您的浏览器在将URL存储在其历史记录中时存储用户名和密码，并且还可以发送到第三方网站(例如Google Analytics(分析)).另外，服务器通常会记录包括查询字符串参数在内的请求数据.很明显，为什么使用GET是一个非常糟糕的主意.

Always use HTTPS and always opt for POST. The GET method will allow your browser to store the username and password when it stores the URL in its history and can also be sent to third party sites, e.g., google analytics. Also, servers will often log the request data including query string parameters. It's pretty clear why using GET is a very bad idea.

这篇关于通过GET或POST传递密码的最佳方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！