Reposted from: http://cuishen.iteye.com/blog/2019925
Differences between the GET and POST methods of HTTP / HTTPS requests:
A. Differences in definition and security:
References:
http://blog.csdn.net/csj50/article/details/5687850
http://www.cnblogs.com/hyddd/archive/2009/03/31/1426026.html
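B. Performance difference:
According to the Yahoo Mail team, a POST issued as an AJAX request is split into two steps: sending the headers first, then sending the data.
Reasoning in reverse: if a POST request has no data string, its performance should be the same as a GET.
References: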
http://developer.yahoo.com/performance/rules.html#ajax_get
An interesting side effect is that POST without actually posting any data behaves like GET. Based on the HTTP specs, GET is meant for retrieving information, so it makes sense (semantically) to use GET when you're only requesting data, as opposed to sending data to be stored server-side.
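C. More on security
Reportedly, under HTTPS only the host portion of the URL (e.g. "cuishen.iteye.com" in "https://cuishen.iteye.com/blog/2017537") is sent in plaintext; everything else in the request and the response is encrypted. From this angle, a GET over HTTPS is safer than a GET over HTTP: an attacker eavesdropping on the channel can only capture ciphertext.
However, the URL of a GET request appears in the browser's address bar and history (this is also true under HTTPS), so it remains a security risk.
So, of the four combinations, https + post is the most secure!
References: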
http://stackoverflow.com/questions/499591/are-https-urls-encrypted
http://www.cnblogs.com/zhuqil/archive/2012/07/23/2604572.html
--------------------
Some additional findings:
Although the URL of an HTTPS GET request made via AJAX is not recorded in the browser's history, it is recorded in Firefox's memory cache:
Try the URL below in Firefox:
- about:cache?device=memory
POST requests are not!!
So, where security requirements are high, avoid the GET method as far as possible!
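
Added example (not part of the original post): a small JavaScript audit that applies the post's model to the four scheme/method combinations and to the browser-side URL exposure described above, then rewrites a GET that carries secrets in its URL as a form POST. The key list, the host shop.example and the sample values are constructed for illustration.

```javascript
// Parameter names treated as secrets (an assumption for this example).
const SENSITIVE_KEYS = new Set(["password", "token", "sessionid"]);

// Unique sensitive parameter names present in a URLSearchParams object.
function secretKeys(params) {
  const hits = [...params.keys()].filter((k) => SENSITIVE_KEYS.has(k.toLowerCase()));
  return [...new Set(hits)];
}

// Where a request's secrets end up, following the post's model:
//  channel: readable by an eavesdropper only when the scheme is http
//  browser: address bar, history and memory cache keep the URL, not the body
function audit({ method, url, body = "" }) {
  const u = new URL(url);
  const inUrl = secretKeys(u.searchParams);
  const inBody = secretKeys(new URLSearchParams(body));
  return {
    request: `${u.protocol.slice(0, -1)} + ${method}`,
    channel: u.protocol === "http:" ? [...inUrl, ...inBody] : [],
    browser: inUrl,
  };
}

// Rewrite a GET that carries secrets in its URL as a form POST:
// sensitive parameters move to the body, the rest stay in the URL.
function toPost(rawUrl) {
  const u = new URL(rawUrl);
  const form = new URLSearchParams();
  for (const key of secretKeys(u.searchParams)) {
    for (const value of u.searchParams.getAll(key)) form.append(key, value);
    u.searchParams.delete(key);
  }
  return {
    method: "POST",
    url: u.href,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString(),
  };
}

// Constructed sample: the same login request in all four combinations.
for (const scheme of ["http", "https"]) {
  const url = `${scheme}://shop.example/login?user=amy&password=hunter2`;
  console.log(audit({ method: "GET", url }));
  console.log(audit(toPost(url)));
}
```

Only the https + POST row comes back with both `channel` and `browser` empty, which matches the post's conclusion.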