Hi,

If you are using HTTPS, URL parameters are automatically encrypted because
the client's HTTP request is sent via the secured channel created after the SSL
handshake.

One more disadvantage of using URL parameters is that browsers cache them.

On Fri, Nov 28, 2014 at 11:34 AM, Mahesh Chinthaka <mahe...@wso2.com> wrote:

> Hi Sameera,
>
> When passing URL parameters, are you going to encrypt them and pass them?
>
> On Fri, Nov 28, 2014 at 11:29 AM, Udara Liyanage <ud...@wso2.com> wrote:
>
>> Hi,
>>
>> Either way is not 100% secure unless you use HTTPS. However, a
>> disadvantage of passing via URL parameters is that there is a possibility
>> that the URL parameters may be printed in logs, which is insecure.
>>
>> On Fri, Nov 28, 2014 at 9:05 AM, Sameera Jayaratna <samee...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I'm working on Password recovery for ES, following [1].
>>>
>>> According to [1], in the sequence of calls to the
>>> *UserInformationRecoveryService*,
>>> the key generated in one call needs to be passed to the next call for
>>> verification. These calls occur in different views, so we need to pass the
>>> keys from one view to the next.
>>>
>>> What is the best way to do this?
>>>
>>>
>>>    - passing as url parameters?
>>>    - storing them in the session?
>>>
>>> Are there any security concerns related to either approach?
>>> Or is there a better way to do this?
>>>
>>> Any thoughts on this would be helpful.
>>>
>>> Thank you,
>>> Sameera
>>>
>>> [1] https://docs.wso2.com/display/IS500/Recover+with+Secret+Questions
>>>
>>> --
>>>
>>>
>>>
>>> Thanks & Regards,
>>> Sameera Jayaratna
>>> Software Engineer; WSO2 Inc.
>>>
>>> lean . enterprise . middleware | http://wso2.com
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Udara Liyanage
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> lean. enterprise. middleware
>>
>> web: http://udaraliyanage.wordpress.com
>> phone: +94 71 443 6897
>>
>>
>>
>
>
> --
> *Mahesh Chinthaka Vidanagama* | Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 71 63 63 083 | Work: +94 112 145 345
> Email: mahe...@wso2.com | Web: www.wso2.com
>
>
>


-- 

Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
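
Added example (not part of the original thread and not WSO2 code): a small scanner that finds recovery keys written to access logs through URL query parameters, the risk raised in this thread, and redacts them. The parameter names, paths and log lines are constructed assumptions; the second line shows the same URL being logged again via the Referer field.

```javascript
// Hypothetical parameter names that might carry a recovery key in a URL.
const SENSITIVE_PARAMS = new Set(["key", "confirmation", "token"]);

// Constructed sample lines in combined log format (not real traffic).
const SAMPLE_LOG = [
  '10.0.0.5 - - [28/Nov/2014:11:29:01 +0530] "GET /store/recover/questions?user=alice&key=3f9a1c7e HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '10.0.0.5 - - [28/Nov/2014:11:29:09 +0530] "POST /store/recover/verify HTTP/1.1" 200 128 "https://store.example/recover/questions?user=alice&key=3f9a1c7e" "Mozilla/5.0"',
  '10.0.0.7 - - [28/Nov/2014:11:30:00 +0530] "GET /store/assets?page=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
];

// Decode a percent-encoded parameter name; fall back to the raw text if malformed.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Redact the values of sensitive query parameters anywhere in one log line
// (request line or Referer field). Returns the cleaned line and the names found.
function redactLine(line) {
  const leaked = [];
  const redacted = line.replace(/([?&])([^=&\s"]+)=([^&\s"]*)/g, (m, sep, name, value) => {
    const decoded = safeDecode(name).toLowerCase();
    if (!SENSITIVE_PARAMS.has(decoded) || value === "") return m;
    leaked.push(decoded);
    return `${sep}${name}=[REDACTED]`;
  });
  return { redacted, leaked };
}

// Scan a whole log: cleaned lines plus one finding per line that leaked a key.
function scanLog(lines) {
  const findings = [];
  const clean = lines.map((line, i) => {
    const { redacted, leaked } = redactLine(line);
    if (leaked.length) findings.push({ line: i + 1, params: leaked });
    return redacted;
  });
  return { clean, findings };
}

const report = scanLog(SAMPLE_LOG);
console.log(report.findings);
console.log(report.clean.join("\n"));
```

A finding on the POST line, where the key is no longer in the request URL, shows why keeping the key in the server-side session avoids both log entries.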