Last post Dec 18, 2017 07:32 AM by Cathy Zou
Dec 15, 2017 02:41 PM|tridip1974|LINK
i checked this one
they are saying
On the case of post Method data will be passed through http headers so using secure http protocol and data will be more secure and also we have no data restriction there we can pass large number of data and binary data we can pass here also.
@using (Html.BeginForm("Index", "Home", FormMethod.Post))
so tell me in case of post http verb data passed as form collection or as http headers. thanks
Dec 15, 2017 02:58 PM|mgebhard|LINK
No, by definition an HTTP POST sends data in the HTTP body. The header might contain things like cookies or authentication tokens which are consistent across all HTTP verbs.
Unless there is a language barrier, the linked blog is simply wrong. As I suggested in many of your other posts, start using documentation from the source like Microsoft ASP Docs or in the case of HTTP like this question the RFCs or a reputable tutorial
site like https://www.w3schools.com/tags/ref_httpmethods.asp
Keep in mind that you can test this yourself rather easily simply using the browser's dev tools which allows you will see first hand the affects of doing a GET and a POST.
Dec 15, 2017 03:13 PM|PatriceSc|LINK
And same for security :
- using F12 Network will show your payload
- if a user can grab your HTTP query on the network, seeing the payload is as easy as seeing the querystring
Basically it's no more secure than leaving a key under your door mat rather than in the keyhole. It's just can be seeen immediately buit that's pretty much the only difference.
Edit: making sure to use https would be a better step if you need to prevent issue 2.
Dec 15, 2017 03:19 PM|bruce (sqlwork.com)|LINK
Dec 16, 2017 01:35 PM|tridip1974|LINK
Dec 18, 2017 07:32 AM|Cathy Zou|LINK
SSL certification is provided only to thoroughly validated, genuine websites. It’s a hard nut to crack for hackers and phishing agents to get SSL certificates for their dubious website. This is why SSL protected websites have built a reputation for being
safe against hacking and phishing scams.
Additionally, as a website security layer, a SSL certificate makes the encrypted message meaningless – and useless – to the hackers even if they are able to intercept a message. The message becomes illegible because it appears as a combination
of random hash in a string.
If we use ssl/certificate then no one can hack the info pass between clien server architecture?
So, it is possible to intercept the info pass between client and sever.
However, the encrypted message meaningless and useless to them
Or there hack is possible. How security is there when we use ssl/certificate?
it has high security for protect the info pass between client and server by using SSL.
Related links for full understanding: