Software, your way.
burger menu icon
WillMaster

WillMasterBlog > Content Protection

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Link Security Considerations

Even on a secure web page, tapping a link can result in compromised information.

There are two ways data is insecure even when you are viewing a secure web page with the browser's lock icon closed.

  1. The URL in the browser's address bar is visible and not encrypted. Therefore, if the URL contains any information for the destination web page, the information will not be secure.

    Here is an example URL with information:

    https://example.com/page.php?person=Will&email=will@example.com
    
  2. The server log that records the arrival of a browser at the destination web page will record the URL. If the URL contains any information, it will be recorded in the log.

    For an example URL with information, see the previous list item.

The above example requests the destination web page with method GET, which is the method generally used when a link is tapped.

When the destination web page is requested with method POST instead of method GET, both of the above insecurities are eliminated.

  1. With method POST, the URL in the browser's address bar contains only the protocol and domain name. With an SSL connection, any information is sent securely to the destination web page.

  2. With method POST, only the protocol and domain name are recorded in the server log. Any information sent to the destination web page is not recorded in the server log.

Tapping a link to another web page generally is method GET. Submitting a form generally is method POST.

The Willmaster.com library's Posting Links article describes how to make links that submit method POST. A link with information that must be secure when tapped can be made with the information described in that article.

Usually, links don't need to be secure, even when they contain additional information. But when the information must not be compromised, sending it method POST is the prudent thing to do.

(This content first appeared in Possibilities newsletter.)

Will Bontrager

Was this blog post helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method


All information in WillMaster Blog articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

Recent Articles in the Library

Extracting Dates From the Unix Timestamp

The UNIX timestamp can be used to determine the represented time for any time zone on Earth.

Submit Form Data Without Bothering User

To silently and effectively submit a form on a web page, Ajax with FormData() can be used.

CSS Dots

CSS dots can be used for interactions between web page and website user.

Email Testing

One thing to test when email doesn't get sent or doesn't arrive is whether the server actuall sends email.

Tap to Select

Find out how to make a link or button to select the content in a div or other HTML element.

Capitalizing the First Letter of Words

Here, find both PHP code and JavaScript code to capitalize the first letter of a word.

Fixed-position Table Header

During a vertical scroll, the table header scrolls out of view -- unless the header is fixed in position.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC