How secure is a HTTP POST?

security post httpwebrequest xmlhttprequest
Matt picture Matt · Jun 17, 2009 · Viewed 76k times · Source

Is a POST secure enough to send login credentials over?

Or is an SSL connection a must?

Answer

Gumbo picture Gumbo · Jun 17, 2009

SSL is a must.

POST method is not more secure than GET as it also gets sent unencrypted over network.

SSL will cover the whole HTTP communication and encrypt the HTTP data being transmitted between the client and the server.

Related questions

Are HTTPS headers encrypted?

When sending data over HTTPS, I know the content is encrypted, however I hear mixed answers about whether the headers are encrypted, or how much of the header is encrypted. How much of HTTPS headers are encrypted? Including GET/POST …

Read More
Do I need a CSRF token for jQuery .ajax()?

So I've got a basic .ajax() POST method to a PHP file. What security measures do I need? A few posts around were mentioning using a hidden MD5 input field that you send via AJAX and verify in the PHP …

Read More
ModSecurity maximum post limits (PCRE limit errors)

I've been having tonnes of issues with Mod Security. I am busy writing a CMS for a project at work and while developing a page to edit a certain database record I kept getting 403 errors. After hours of banging my …

Read More