It doesn't matter if you use GET or POST. If you don't sign requests, you don't ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

jwr on Jan 17, 2011 | parent | context | favorite | on: GET vs POST in terms of security

It doesn't matter if you use GET or POST. If you don't sign requests, you don't know where they are coming from.

In the API we've implemented recently in our company (e-commerce search-as-a-service) we use request signing exactly according to Amazon's AWS specs.

blantonl on Jan 18, 2011 [–]

I don't think it is a matter of where it came from, it is a matter of who it came from.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact