Tuesday, March 31, 2009

Performing GET with secure data

You shouldn't, full stop! Even if the GET is performed over HTTPS, the complete GET URL, including its query string parameters, is logged by the web server (in my case the IIS logs), and I would assume that Apache and other popular/capable web servers do the same. Any web intermediaries would also log the data.

If you need to pass secure data from the browser, where the current domain is HTTPS, to a different HTTPS domain, you cannot do either of the following:
1. Perform a POST (see previous post)
2. Perform a GET (not safely, as web servers log the data; not advised)

So what is the solution?
Really, the only solution is to perform a server-to-server call. Rather than calling the other domain directly from the browser, pass the secure data to the web server behind your own website/application and perform the server-to-server call from there!
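To see how a GET over HTTPS still ends up in clear text on disk, here is an added example (not part of the original post) that scans IIS W3C-format access log lines for sensitive parameter names in the cs-uri-query field. The log lines and the SENSITIVE_KEYS list are constructed for illustration; real field order comes from the #Fields header your server writes.

```python
from urllib.parse import parse_qsl

# Query-string parameter names that should never appear in a GET (assumption: tune per application).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "token", "sessionid", "ssn", "cardnumber", "cvv"}

# Constructed sample, not a real server log; the #Fields header is the IIS W3C extended format.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2009-03-31 10:00:01 10.0.0.5 GET /login.aspx user=alice&password=Secr3t 443 - 192.0.2.10 302
2009-03-31 10:00:02 10.0.0.5 GET /images/logo.png - 443 - 192.0.2.10 200
2009-03-31 10:00:03 10.0.0.5 POST /transfer.aspx - 443 alice 192.0.2.10 200
2009-03-31 10:00:04 10.0.0.5 GET /api/balance.aspx token=abc123&acct=42 443 - 192.0.2.11 200
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry: skip rather than misalign fields
        yield dict(zip(fields, values))

def find_leaked_params(text, sensitive=SENSITIVE_KEYS):
    """Return (cs-uri-stem, parameter) pairs for GETs whose query string carries a sensitive key.

    IIS writes cs-uri-query even for HTTPS requests, so every hit is already on disk in clear text.
    """
    hits = []
    for entry in parse_w3c(text):
        query = entry.get("cs-uri-query", "-")
        if entry.get("cs-method") != "GET" or query == "-":
            continue
        for key, _value in parse_qsl(query, keep_blank_values=True):
            if key.lower() in sensitive:
                hits.append((entry["cs-uri-stem"], key))
    return hits

if __name__ == "__main__":
    for stem, key in find_leaked_params(SAMPLE_LOG):
        print(f"sensitive parameter {key!r} logged in the query string of {stem}")
```

Note that the POST to /transfer.aspx produces no hit because its body is not logged, which is exactly the difference the post is getting at.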
