For Login GET or POST? [duplicate]

Submitted by 纵饮孤独 on 2021-01-02 03:51:45

Question


I want to know which HTTP method to use for developing a login API: GET or POST? I have developed my login API in PHP using the POST method, but my boss says, "Why do you use the POST method instead of the GET method?"


Answer 1:


Always POST, and preferably with SSL (as in: https://...). Because the parameters in GET get stored all over the place for caching reasons.

So, if your boss needs a reason: security.


There is a REST-related reason: GET queries are, first of all, expected to be aggressively cached, because they do not alter the server state of data. POST requests, instead, are expected to never be cached, because they alter the state of the server and (unlike PUT requests) there is no expectation that calling multiple POST requests will return the same response and leave the server in the same state.

For example: if you send 5 login requests that fail, the 6th one can return "your IP has been blocked for 30 min" as a response.




Answer 2:


Use POST. With GET the parameters are in the URL, which is very insecure. While https (you are using https, right?) should encrypt everything end-to-end, with GET the parameters will be in plain text in log files and in the user's browser (until the next page is loaded or redirected).




Answer 3:


There is really little difference between POST and GET from a security point of view; more important is using HTTPS and a properly tuned server.



Source: https://stackoverflow.com/questions/43965316/for-login-get-or-post
