-1

Just wondering if a GET command is considered more dangerous than a SET command, in terms of security. Thank you.

Lajos Arpad
harrison

1 Answer

0

Using a GET command you read data; using a SET command you write data. In terms of GET, the main danger is that your user might want to read data that should not be accessible to them. From that perspective, you have to face the danger of data theft. In terms of SET, the main danger is overriding your data with something inadequate.

So the question is mainly reduced to: are you more afraid of your data being damaged, or are you more afraid of your secrets being stolen? The answer greatly depends on the nature of the application you are developing. If you are developing a social network, the stored data is less important than in the case of top secret data of a banking application. If you do regular backups, then GET is more dangerous, since in case of a successful hacky override, you can always refer back to your backup. To remedy the dangers of GET, you can introduce a privilege system, which should be well tested before you make your application available for a wider range of users.

Also, using SET the user might want to inject something, for example SQL Injection or XSS injection. That can be the first step of a data-stealing maneuver. So, the answer is that GET in general seems to be more dangerous, provided that you have a backup, but both are dangerous and should be secure.

Lajos Arpad
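The two controls the answer names, a privilege check in front of reads and injection-safe handling of written values, shown together as an added example that is not part of the original answer. The `notes`/`grants` schema, the user names and the function names are assumptions made for illustration.

```python
import sqlite3

def open_store():
    """In-memory store with constructed sample data and a per-user grant table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT PRIMARY KEY, body TEXT)")
    db.execute("CREATE TABLE grants (user TEXT, owner TEXT, "
               "can_read INTEGER, can_write INTEGER)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("alice", "alice secret"), ("bob", "bob secret")])
    db.executemany("INSERT INTO grants VALUES (?, ?, ?, ?)", [
        ("alice", "alice", 1, 1),
        ("bob", "bob", 1, 1),
        ("bob", "alice", 1, 0),   # bob may read alice's note but not change it
    ])
    return db

def allowed(db, user, owner, action):
    """Default deny: no grant row, or an unknown action, means no access."""
    index = {"read": 0, "write": 1}.get(action)
    if index is None:
        return False
    row = db.execute(
        "SELECT can_read, can_write FROM grants WHERE user = ? AND owner = ?",
        (user, owner)).fetchone()
    return bool(row and row[index])

def get_note(db, user, owner):
    """GET path: check the privilege before any data leaves the store."""
    if not allowed(db, user, owner, "read"):
        raise PermissionError(f"{user} may not read {owner}'s note")
    row = db.execute("SELECT body FROM notes WHERE owner = ?",
                     (owner,)).fetchone()
    return row[0] if row else None

def set_note(db, user, owner, body):
    """SET path: check the privilege, then bind the value as a parameter
    so that user-supplied text is stored as data and never parsed as SQL."""
    if not allowed(db, user, owner, "write"):
        raise PermissionError(f"{user} may not write {owner}'s note")
    db.execute("UPDATE notes SET body = ? WHERE owner = ?", (body, owner))
    db.commit()
```

Values read back from such a store still need output encoding before they are placed in HTML, which is the XSS half of the answer's point and is not covered by this block.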