Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Get vs post in servlets

 
srikanth darbha
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
can anyone help me the exact difference between get and post types as far as i have learnt the post type cannot carry parameters with its url where as get can carry parameters in its url,is this correct?,
 
keerthi vineela
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Srikanth,

The differences between GET and POST are

Get
--------
Through Get we can send only limited data ,maximum 1 KB.
Bookmarking is possible as we the parameters are appended to the URL.
Less secure as parameters are visible in URL.

Post
----
Sends unlimited data.
Bookmarking is not possible.
Secured.

go throgh the below link for more explanation
http://geekexplains.blogspot.in/2008/06/difference-between-get-and-post-methods.html
 
Gangadhara Rao Duvvarapu
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Difference between GET and POST methods

Fundamental Difference is probably the Visibility - GET request is sent via the URL string (appended to the URI with a question-mark as separator), which is visible whereas POST request is encapsulated in the body of the HTTP request and can't be seen.
Length - Since, GET request goes via URL, so it has a limitation for its length. It can't be more than 255 characters long (though this is browser dependent, but usually the max is 255 characters only). Whereas no such maximum length limitation holds for the POST request for the obvious reason that it becomes a part of the body of the HTTP request and there is no size limitation for the body of an HTTP request/response.
Performance - GET request is comparatively faster as it's relatively simpler to create a GET request and the time spent in the encapsulation of the POST request in the HTTP body is saved in this case. In addition, the maximum length restriction facilitates better optimization of GET implementation.
Type of Data - GET request is sent via URL string and as we all know that URL can be text-only, so GET can carry only text data whereas POST has no such restriction and it can carry both text as well as binary data.
Caching/Bookmarking - again for the obvious reason that a GET request is nothing but an URL hence it can be cached as well as Bookmarked. No such luxuries with a POST request.
FORM Default - GET is the default method of the HTML FORM element. To submit a FORM using POST method, we need to specify the method attribute and give it the value "POST".
Data Set - GET requests are restricted to use ASCII characters only whereas POST requests can use the 'enctype' attribute with a value "multipart/form-data" to use the Universal Multiple-Octet Coded Character Set (UCS).
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Gangadhara Rao Duvvarapu wrote:Performance - GET request is comparatively faster as it's relatively simpler to create a GET request and the time spent in the encapsulation of the POST request in the HTTP body is saved in this case. In addition, the maximum length restriction facilitates better optimization of GET implementation.

I sincerely doubt that one could come up with a scenario where performance makes enough of a difference to trump other considerations (or even makes a measurable difference to begin with).
 
Jelle Klap
Bartender
Posts: 1952
7
Eclipse IDE Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There's also the matter of safety and idempotence to consider. Note that these apply to the HTTP/1.1 method definitions and need not necessarily be applied to the corresponding methods of HttpServlet, doGet() and doPost(), although that is strongly advisable.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65225
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
keerthi vineela wrote:
Secured.


FALSE.

This is a common myth. A POST is no more secure than a GET. SImply because the parameters are not available on the URL does not make them in any way more secure than the parameters that are exposed.

The myth of security is not why on should choose a POST over a GET. HTTP defined how these methods should be used. In a nutshell, a GET is used to fetch an idempotent resources, whils a POST can cause a non-ideomtpotent changes to the server.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:A POST is no more secure than a GET.

Well... that depends on what "secure" means in this context. POST parameters are recorded in fewer places than GET parameters - which can end up being stored in browser histories, web server access logs, HTTP caches etc. In that sense POST data is more secure. With respect to being observed in traffic, there is no difference.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65225
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The lack of recording affords so little added security that it's barely a blip. I think far too many people think that sending something like a password in clear text is "secure" because a POST is used. It is not.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:The lack of recording affords so little added security that it's barely a blip.

That depends on what kinds of attacks are anticipated. Saying that something is "secure" is generally only meaningful with respect to particular attacks. Sometimes it's the common attacks one wants to guard against, sometimes the not so common ones.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65225
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sure, but my point is, using POST in no way makes the transmission "secure". Too many people that think if they can't see it on the screen, it's somehow "secure". It is not.

When people say "secured" they usually mean against all known types of attack. So saying "a POST is secured" is a falsehood. It is vulnerable to the most common types of attacks used.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic