-1

In Angular, is it secure to use Http Get when calling Web API, supplying password in the field? Or is it more secure if one uses Http Post?

The following is an example on how to perform Http.get in angular

http.get(baseUrl + 'api/GetAddressCount')
            .subscribe(res => this.AddressCount = res.json() as Number);
Kamil Naja
  • 6,267
  • 6
  • 33
  • 47
user1034912
  • 2,153
  • 7
  • 38
  • 60
  • They're both about the same amount of secure. Just because the fields aren't in the URL doesn't mean they can't be easily accessed – tymeJV Jan 04 '18 at 13:06

1 Answers1

1

First of all so this has nothing to do with angular. GET, POST or HTTP as a whole is unaware of what client side framework you are using.

To answer your question: it's always better to use POST with sensitive data. If you do a GET request, then this URL can one day be copied and shared and your password will be visible to all. POST won't have this problem. Some additional problems (copied from answer here):

  • URLs are stored in web server logs
  • URLs are stored in the browser history
  • URLs are passed in Referrer headers

P.S. Another question is transition security: both methods offer no difference here, so you should send this only over HTTPS.

Ilya Chernomordik
  • 27,817
  • 27
  • 121
  • 207