在PHP中使用cURL进行GET或POST发送参数更安全
[英]Which is more secure GET or POST sending parameters with cURL at PHP
问题描述
I want to connect in a secure way with an API and I am using cURL to do it using HTTPS and SSL. 
我想以安全的方式与API连接,并且我正在使用cURL通过HTTPS和SSL进行连接。
Now, i was wondering what is better in terms of security, sending the data through GET or POST : 现在,我想知道通过GET或POST发送数据在安全性方面有什么更好的选择:
$ch = curl_init("http://api.website.com/connect.php?user=xxx&pass=xxxx");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$result = curl_exec($ch);
curl_close($ch);
Or 要么
$param['user'] = 'xxxx';
$param['pass'] = 'xxxx';
$ch = curl_init("http://api.website.com/connect.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $Parameters);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$result = curl_exec($ch);
curl_close($ch);
I also realized that POST is much more slower retrieving the data. 我还意识到POST检索数据的速度要慢得多。
3 个解决方案
解决方案1
4 已采纳 2012-11-30 11:04:34
Neither. 都不行 "GET parameters" are part of the URL which is part of the HTTP request header, "POST parameters" are part of the HTTP request body. “ GET参数”是URL的一部分,而URL是HTTP请求头的一部分,“ POST参数”是HTTP请求主体的一部分。 Both are part of the same HTTP request, which is all just plain text. 两者都是同一个HTTP请求的一部分,而这些HTTP请求只是纯文本。 There's no difference in "security". “安全性”没有区别。
Use GET or POST semantically depending on the kind of request, not because of security concerns. 根据请求的类型在语义上使用GET或POST,而不是出于安全考虑。
The only thing is that the requested URLs are more likely to appear in log files than the entire request body. 唯一的问题是,与整个请求正文相比,请求的URL更可能出现在日志文件中。 But the one logging would be the service you send the data to anyway, so it doesn't make much of a difference. 但是,无论如何,一个日志记录就是您将数据发送到的服务,因此并没有太大的区别。
解决方案2
1 2012-11-30 11:06:13
None of them is secure, but if you use a secure connection (https) you can use POST, asthe body will get encrypted. 它们都不是安全的,但是如果您使用安全连接(https),则可以使用POST,因为主体将被加密。 It is not a good idea to send passwords, not even usernames with the URI. 发送密码,甚至不发送带有URI的用户名都不是一个好主意。
解决方案3
1 2012-11-30 11:09:02
In this cause because you are using HTTPS, GET and POST as just as secure as eachother because both of which will be encrypted on the transport layer. 由于这个原因,因为您正在使用HTTPS,GET和POST一样安全,因为两者都将在传输层上进行加密。
If for example you weren't using HTTPS then in some cases, POST can be better but not necessarily more secure . 例如,如果您未使用HTTPS,则在某些情况下,POST可能会更好,但不一定更安全 。 This is because servers typically log the querystring whereas POST data isn't typically logged. 这是因为服务器通常记录查询字符串,而POST数据通常不记录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.