Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Security: Brute-forcing GET-requests by URL?

Tags:

security

authentication

url

http-method

what should my concerns be if I we're about to make an application that handles logins the following way:

http://api.myApp.example/printSomething/username/password/

How insecure is it compared to a normal login page that are based on POSTed user details (username+password)? Is there a difference?

Thanks

like image 614
Industrial Avatar asked Nov 29 '22 19:11

Industrial

1 Answers

Simply don't do that. Use POST method instead of that. You should never allow sensitive info in URLs.

like image 134
Sarfraz Avatar answered Dec 01 '22 09:12

Sarfraz
Sign in to Comment

Related questions

Symfony2 - Access is denied (user is not fully authenticated)
ldapsearch: Invalid credentials
Laravel 5.2 -> 5.3 Auth::user() returning null
Cloud Firestore with Authentication
Can't access variable key inside .env (dotenv package React)
WCF net.tcp bindings, message formats and security questions
MongoDB not authorized for query admin.system.users
Keycloak: Script Authenticator missing?
How do I manually log a user in with a MembershipProvider?
Windows authentication in MVC
j_security_check with Primefaces
Django using email authentication with djoser for login
How to get the username of the user accessing ASP.NET intranet page within local network?
Read https url from Python with basic access authentication
Better name for a method than "isThis()"
How to clear Login Attempts in Laravel?
I want to use window.localStorage in Vuex in Nuxt.js
Is there a way to prevent saved authentication in Tortoise SVN
Cakephp 2 - check if a user is logged in view
How to implement auto refresh in client side(vue.js)?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!