| ▲ | doublerabbit 7 days ago | |
Is there anyway to secure a POST request at the backend, without client side encryption? The server processing the POST is still receiving the information posted regardless if the client is HTTPS or not. Say, you're attempting login, the password is still received by the server and which you do with whatever when processing. What's not stopping someone from injecting a trace on that receiving function? In other-words, How would you secure the server processing the POST request information? | ||
| ▲ | BrandoElFollito 7 days ago | parent [-] | |
You can't. It is just a matter of reducing the risk surface. With a GET someone may add parameters, with a POST they would send the data in the post (which is often the main point of a POST). Since all typical web servers/processors only loh the call and not the body there is a lesser probability of a leak. I am writing this as someone who manages cybersecurity and is offering faced with not enough information in investigations because of that. This is also the reason that I used "typical" and "usually" above - it is pretty weird what people send and how they process what they receive. | ||