Possible Duplicate:
Is either GET or POST more secure than the other?
What is the difference between POST and GET?
My understanding is that the difference between $_GET and $_POST is that with $_GET you can see what the form is sending in the address bar.
Now I am making an iPhone app and it is being sent a URL with $_GET details in it. There is no way the user can see or guess the variables that are being used. Is there another reason why I shouldn’t use GET?
I am sending sensitive data through the URL, so that is why I am asking if using $_GET is safe enough if the user CANNOT see the URL.
Also the data is being generated from the iOS app, so there is no website that contains this data on my server.
Thanks in advance :-)
Everyone here is correct that both requests can be sniffed by intermediaries if you’re not sending the data over a secure (i.e. SSL) connection.
One thing you need to keep in mind, however, is how your web server handles the two. Data sent by POST requests typically isn’t logged by the server, whereas GET requests are. This is because GET data is really just part of the URL. We just think of it as separate data because PHP helpfully sorts it into a superglobal array for us. A request to a bare URL like http://www.google.com, despite having no query string, is still a GET request (unless you specifically invoke a different protocol in your client).
As with other GET requests, a request with a query string will still be entered into your server’s access log. If you’re passing sensitive information via query strings, you’ll need to have a strategy for how to securely handle these logs and other places that such data might be recorded.
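To illustrate the logging point in the answer above, here is an added example (not part of the original post) that scrubs sensitive query-string values from access-log lines in Combined Log Format. The parameter names in `SENSITIVE`, the paths and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: parameter names considered sensitive (hypothetical; adapt to your API).
SENSITIVE = {"password", "token", "api_key"}

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines: the same login sent as GET and as POST, plus a harmless GET.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /api/login.php?user=alice&password=s3cret HTTP/1.1" 200 512 "-" "MyApp/1.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /api/login.php HTTP/1.1" 200 512 "-" "MyApp/1.0"',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /api/items.php?page=2 HTTP/1.1" 200 2048 "-" "MyApp/1.0"',
]

def redact_target(target):
    """Return (target with sensitive values replaced, names of the parameters hit)."""
    parts = urlsplit(target)
    if not parts.query:
        return target, []          # nothing in the URL, e.g. a POST with a body
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    # urlencode re-encodes the remaining values; the escaping may be normalised.
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scrub_line(line):
    """Redact the request field of one log line; return (new line, parameters hit)."""
    hits = []
    def repl(match):
        new_target, found = redact_target(match.group("target"))
        hits.extend(found)
        return f'"{match.group("method")} {new_target} {match.group("proto")}"'
    return REQUEST_RE.sub(repl, line, count=1), hits

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        clean, hits = scrub_line(raw)
        print(("LEAK " + ",".join(hits)) if hits else "ok", "|", clean)
```

The POST line passes through unchanged because its form data never appears in the request line, while the GET login is flagged and rewritten. Scrubbing after the fact does not cover copies already shipped to log aggregators or proxies, so keeping secrets out of the URL remains the primary fix.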