Using GET instead of POST to delete data behind authenticated pages

I know that you should use POST when the data is changed on a public website. There are several reasons, including the fact that search engines will follow all links and modify data.

My question is: do you think it is OK to use GET behind authenticated pages in some kind of interface?

One example is a list of products with a delete link on each line. Since the only way to get to the page is if you are logged in, is there any harm in just using a link with the product identifier in the query string?

Comment development:

I personally do not have any problems performing deletions using POST. I just saw some code examples in ASP.NET and ASP.NET MVC for "admin-like" pages that use GET instead of POST. I am curious about people's opinions on this issue.

+3
8 answers

Some people have learned that this is a very bad idea.

Google " " (Google Web Accelerator), ( , ...), - , : ", , , "

, - .

+4

GET , JavaScript. , , , GET .

, , , GET , POST, . :

<a href="/controller/delete/1" onclick="$.post(this.href); return false;">Delete</a>

GET /controller/delete/x, POST. POST (, , DELETE), .

+5

- GET - - (?) -, URL, (, XSS). , , , RESTful.

, ...

+3

GET POST . . , , " " .

XSS CSRF, HTML () , , / captchas.

+3

.

() GET, . , , ( prefetching ).

+2

GET. , -. , GET- . URL- - . - http://www.fakesite.site/posts/delete?ID=1, , , ID # 1, .

+2

, , - , - , . : " , ?"

+1

GET POST , , , GET HTTP, URL.

, , , get .

-3

Source: https://habr.com/ru/post/1736527/

