No one likes things to get mixed up, creating confusion and misunderstandings, and sometimes even make our arguments seem a bit silly in the heat of an online “quarrel” with a man claiming that his level 32 Wizard is much stronger than mine in “World of Warcraft” (yes, this is a serious manner).
That’s why I’m here for you, preventing you from losing an argument to a 12-year-old nicknaming himself as “XX123TheKiNg123XX” (damned he be!), and this time we’re gonna talk about the GET and POST methods.
GET and POST are the most common methods out of a group called HTTP Request Methods, those methods are responsible for the communication between clients and servers, let’s have a look at each of them specifically.
The GET Method :
We will use this method in order to retrieve documents, files and other forms of data from a certain resource.
We use GET in search pages, sending these requests will allow us to retrieve the Information we are looking for, it retrieves a representation of the specified resource and include all required data in the URL, meaning that the Parameters specifying where we are, or what we sent, is shown in the URL address bar.
For example :
Pay Attention to the fact that the “user” and “pass” (password) values are visible to all via the URL address bar, meaning we shouldn’t use this method when we take actions on Web-Applications such as Login pages and so on, if you want to learn more about it you should visit here.
The POST Method :
In contrast to the GET Method, POST is being used mainly to send data to a server, we use it to create and edit all sorts of resources based in our Website, we also use these requests to update the server.
And, of course, the requests being sent using this method are much less “Visible” since the parameters being sent cannot be saved seemingly.
And yet, POST is not that secured since the data is included in the body of the request instead of the URL but it is trivially simple to view/edit, and can cause multiple writes.
Instead of talking about each of them separately, let’s have a look at the next table comparing them side by side :
|Basis for comparison||GET||POST|
|Parameters located in||URL bar||Body|
|Main goal||Used in data retrieval||Used for updating data|
|Is the request bookmarked||Yes||No|
|Request being cached||Yes||No|
|Requests remain in browser history||Yes||No|
|Data length||Maximum URL length||Unrestricted|
|Exposure||Data is exposed in the URL bar||Data is not exposed in the URL bar|
|Reloading the page||Harmless, without consequences||Data will be re-submitted (an alert from the browser will appear)|
|Restrictions on data type||Only ASCII characters||No restrictions on types of data, you can even use Binary Data|
|Security||Less secured, especially when sending sensitive data such as passwords||More secured, because the parameters are not stored in browser history or in web server logs|
So i hope you “GET” what I’m saying (please laugh) here, it is well known that even after going through all the differences the GET Method is much more common, and, we can see that there are Properties that affect the level of security in the request.
Using our tool Kayran.live, will help you to find out the vulnerabilities that, in a way, helps you and your Very-Tired-Developers to understand when and where you should use each one of the Methods!
Stay safe, choose Kayran.