
Send sensitive data using POST+application/x-www-form-urlencoded

Tags: http, post

I am trying to implement a user authentication process, and I have gone through an enormous number of posts and totally agree that using HTTPS is probably the best way to transfer the username/password from client to server before hashing.

Just out of curiosity, I want to know: how safe is it to send the username/password from client to server using the POST method along with enctype='application/x-www-form-urlencoded', as this also sends form data in encoded form?

PS. I am using GWT for the frontend and Java for the backend.

genirahul asked Aug 28 '14 07:08



1 Answer

Sending data by way of the body instead of URL params is the way to go, but to ensure that it is not sniffed out, you must use HTTPS. Otherwise it will be plaintext. As to how safe, see here: https://security.stackexchange.com/questions/53596/how-safe-is-ssl

steve answered Sep 22 '22 22:09

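An added example, not part of the original question or answer: it shows that `application/x-www-form-urlencoded` is a reversible serialization with no key, so a login POST sent over plain HTTP exposes the password to anyone who can read the bytes, and it pairs that with a server-side guard that refuses credentials unless the request arrived over HTTPS. The host, path, field names, credentials and the `accept_credentials` helper are all constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample: a login POST as it appears on the wire over plain HTTP.
RAW_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 43\r\n"
    b"\r\n"
    b"username=alice&password=p%40ss+w%C3%B6rd%21"
)


def decode_form_body(raw: bytes) -> dict:
    """Return the form fields exactly as any reader of the raw bytes sees them."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get(b"content-type", b"").split(b";")[0].strip().lower()
    if ctype != b"application/x-www-form-urlencoded":
        raise ValueError("not a urlencoded form body")
    length = int(headers.get(b"content-length", len(body)))
    # Percent-decoding needs no secret: '+' becomes a space, %XX becomes a byte.
    fields = parse_qs(body[:length].decode("ascii"),
                      keep_blank_values=True, strict_parsing=True)
    return {key: values[0] for key, values in fields.items()}


def accept_credentials(scheme: str, fields: dict) -> bool:
    """Hypothetical server-side guard: process a login only if it came over HTTPS."""
    return scheme.lower() == "https" and {"username", "password"} <= fields.keys()


if __name__ == "__main__":
    recovered = decode_form_body(RAW_REQUEST)
    print("visible on the wire:", recovered)
    print("accepted over http: ", accept_credentials("http", recovered))
    print("accepted over https:", accept_credentials("https", recovered))
```
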