×

Loading...
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。

bingle 的 URL 中的 15.1.3 或多或少肯定了我的猜测,我是这方面的外行,还望大家参谋。现在的问题是,对于一个用 GET method 写的 client (C++),要把它变成 POST,是要改设置呢?还是要改程序呢?

15.1.3 Encoding Sensitive Information in URI's
Because the source of a link might be private information or might reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information.

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead
Report

Replies, comments and Discussions:

  • 工作学习 / IT技术讨论 / 请教 GET 和 POST 有何区别?What I know now is that a client written in C++ talks to the server in GET mode and the server is able to log the message sent by the client, .
    a JAVA client, however, usually sends messages in POST mode then the server is unable to log the messages.

    What happens here? What is the difference between GET and POST? I know JAVA client can also be configured or coded to send in GET mode, I just do not know how.

    The webserver is IIS and coded by C++.
    • Hypertext Transfer Protocol -- HTTP/1.1中的定义
    • 二者都可以把client端的信息通过submit发向服务器,GET在发送较大信息(>8194K)时有很大的问题,MS建议以IIS作服务器的应用尽量用POST命令,这是最实用的区别
      • 嘿嘿,是8k,不是8194k
        • You r right, 8192bytes
    • Thanks everyone. It sounds that both GET and POST are good as far as message exchange between client and server is concerned, the difference might lie in the way the message is carried.
      Can somebody elaborate on this topic furthermroe? I think our server is able to handle messages incoming in GET mode, but when it receives a message in POST mode it logs no content in the webserver's log even it succeeds in interpreting the the message and successfully sends a proper response back to the client.

      In a nutshell, the only abnormal thing is that the web server fails to log content when a message is in POST mode. Why?

      It sounds like GET is faster than POST as POST is capable to and is designed to handle large amount of data, right?

      An existing JAVA client was coded to send in POST method, how to turn it to GET?
      • For GET, the request string is in the HTTP header (part of URL); for POST, the request string is in the body. If you want to log POST request, you'll have to do it in your application.
        • Got it, thank you so much.
      • GET在建立连接后发送HTTP头时就发送,而POST,PUT是在连接建立后,HTTP头也发送后才发送,前者缀在URL中,可以BOOKMARK,后者不可以。
        • 这是不是说 POST 的安全性更好呢?我猜想SSL的连接建好后再发数据的话(POST),数据是在 Secured 情况下发的,所以安全。而 GET 在连接没建好的情况下发的话,SSL 加密都没用到,何谈安全?
          • bingle 的 URL 中的 15.1.3 或多或少肯定了我的猜测,我是这方面的外行,还望大家参谋。现在的问题是,对于一个用 GET method 写的 client (C++),要把它变成 POST,是要改设置呢?还是要改程序呢?
            15.1.3 Encoding Sensitive Information in URI's
            Because the source of a link might be private information or might reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information.

            Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

            Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead
            • "Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data......",这些都是针对 HTTP 的。HTTP-SSL 是不是就不用顾忌这些?GET 在HTTP-SSL下安全吗?
              • 安全是肯定的,我现在用的就是POST+SSL,但是SSL的握手是在连接后建立还是在发送HTTP HEADER以后建立,我要看看LOG才知道。但是POST肯定比GET要好一些。
                • Friend, 看了 log 了吗?SSL 加密机制是在送 HEADER 前还是后建立的?
                  • HTTPS没咱们想象那么笨,连接断口时候就是加密的啦,可以放心了。
                    • 太谢谢了。我先前的疑问100%得到解答,再谢各位。
            • 是用啥写的吗?除了C++之外,即使用VC,也有不同的库啊。
              • 不清楚。我每次就把N年前 Developer 用 C++ 整的 dll 丢给新的客户。俺不清楚客户还用到什么别的东东吗。俺也没参与开发,俺也不太懂这些。
    • GET 用URL 传送信息 POST用STDIN 传送, GET得到的结果可以bookmark
    • among others, get is UDP, post is TCP. ;)
      • WRONG, All are HTTP/TCP