How Get is better than Post in Basic Authentication apache http client (Java Programming)
Question
I have heard that Post is most preferred while reaching a link which has password /sensitive information.
Q1.I know that Post is better than Put for Name-value pair parameters as ,the Get exposes it in URL and Post doesn't. But if we are talking about authentication ,How does it matter what method i use as i set the Credentials to the HttpClient not to the HttpGet or HttpPost.So credentials are not getting exposed anyway .The encapsulation of Name-value pairs is benefited by using POST.
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
new AuthScope(target.getHostName(), target.getPort()),
new UsernamePasswordCredentials("user", "passwd"));
CloseableHttpClient httpClient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.build();
Q2. Again i can set the credentials as header to httppost as well to httpget like this..
String encoding = new BASE64Encoder().encode("user:passwd".getBytes());
httpGet.setHeader("Authorization", "Basic " + encoding);
httpPost.setHeader("Authorization", "Basic " + encoding);
Where does the post method takes precedence over get method?
1 answers
solution1
0 2016-11-30 19:40:11
我认为无论谁说post都比使用密码更好,这意味着密码将成为get请求中url的一部分,这显然是不好的。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.