0

I have an app built using PhoneGap. In this app I need to send a $_GET request to a server, but I don't know if this is secure.

The app uses https for the request. Can anyone intercept the content of my request?

Any suggestions?

jww
J261

2 Answers

1

It depends on what type of data you are sending or retrieving using a GET request. If the data is private then it's not secure at all.

If you are querying data from a database then you should sanitize the request and check for SQL injections.

If the data is private, then do a POST request instead of GET.

Use a two-way encryption technique. Set a 'Key' by which you can encrypt data before sending and decrypt it when you receive it.

Qarib Haider
0

Anything sent over HTTPS is encrypted - you should get an SSL certificate for your server to authenticate it if you want people to send data to your server.

It doesn't matter if you send via GET, POST or any of the other HTTP protocols; what matters is using HTTP or HTTPS (SSL).

POST and GET via HTTP can be intercepted, but the data will be in plain text.

POST and GET via HTTPS can still be intercepted, but the data will be encrypted, making it harder but not impossible to decrypt it.

You can also encrypt your own data using JavaScript encryption libraries, transmit them via HTTPS, and decrypt them on your server. You can use the following JS and PHP libraries to get PhoneGap and server-side encryption/decryption of your packages:

I'd suggest doing both.

There are other similar SO questions: Is GET data also encrypted in HTTPS?

Community
Pete
  • If there would not have been any difference between GET and POST then POST would not have been there .. a GET request is much more easily tampered with than a POST .. – Qarib Haider Jan 13 '14 at 13:36
  • There is a difference, I didn't say there wasn't. I said it doesn't matter and both can be intercepted. It's not hard to access and read POST data. It's beside the point, the main thing is to encrypt data and send over HTTPS. – Pete Jan 13 '14 at 15:19
  • Don't forget there's PUT and DELETE as well, I'm sure there are other methods as well that are used in RESTful services - in a RESTful service you are supposed to use different protocols, both GET and POST depending on the type of request you're making. I'm just trying to point out, using GET is fine – Pete Jan 13 '14 at 15:21
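
An added example, not part of either answer or of any project mentioned here: over HTTPS the query string of a GET is encrypted in transit, but the server still writes the full request line to its access log, which is a practical reason to keep private values out of the URL. The sketch below scans access-log lines for sensitive query parameters and redacts their values; the parameter names and the sample log lines are constructed assumptions.

```javascript
// Added example: find and redact sensitive query parameters in access-log lines.
// SENSITIVE names and SAMPLE_LOG are constructed for illustration (assumptions).
const SENSITIVE = new Set(["password", "token", "api_key", "session"]);

// Request part of a common/combined log format line: "METHOD target HTTP/x.y"
const REQUEST_RE = /"([A-Z]+) (\S+) (HTTP\/[\d.]+)"/;

function redactLine(line) {
  const m = REQUEST_RE.exec(line);
  if (!m) return { line, leaked: [] };          // no request field: leave untouched
  const [full, method, target, proto] = m;
  const q = target.indexOf("?");
  if (q === -1) return { line, leaked: [] };    // no query string, nothing to leak
  const leaked = [];
  const pairs = target.slice(q + 1).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    const rawName = eq === -1 ? pair : pair.slice(0, eq);
    let name;
    try { name = decodeURIComponent(rawName.replace(/\+/g, " ")); }
    catch { name = rawName; }                   // malformed percent-encoding: use raw name
    if (eq !== -1 && SENSITIVE.has(name.toLowerCase())) {
      leaked.push(name);
      return rawName + "=REDACTED";             // keep the name, drop the value
    }
    return pair;
  });
  const safe = `"${method} ${target.slice(0, q)}?${pairs.join("&")} ${proto}"`;
  // Function replacement avoids "$" in the URL being read as a replace pattern.
  return { line: line.replace(full, () => safe), leaked };
}

function scanLog(text) {
  return text.split("\n").filter(Boolean).map(redactLine);
}

// Constructed sample: a GET carrying a password, the same login as a POST
// (body is not logged), and a GET with a mixed-case, percent-encoded token.
const SAMPLE_LOG = [
  '203.0.113.7 - - [13/Jan/2014:13:30:01 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
  '203.0.113.7 - - [13/Jan/2014:13:30:05 +0000] "POST /login HTTP/1.1" 200 498',
  '203.0.113.9 - - [13/Jan/2014:13:31:10 +0000] "GET /items?page=2&Token=abc%3D123 HTTP/1.1" 200 2048',
].join("\n");

for (const r of scanLog(SAMPLE_LOG)) {
  console.log(r.leaked.length ? "LEAK " + r.leaked.join(",") : "ok", r.line);
}
```

The POST line passes clean only because request bodies are not part of the default access-log format; the body is still visible to the server application itself.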