SSL is a must.
POST method is not more secure than GET as it also gets sent unencrypted over network.
SSL will cover the whole HTTP communication and encrypt the HTTP data being transmitted between the client and the server.
More Related Contents:
- Are HTTPS headers encrypted?
- Pure JavaScript Send POST Data Without a Form
- Send POST data using XMLHttpRequest
- Fundamental difference between Hashing and Encryption algorithms
- What is the best way to implement “remember me” for a website? [closed]
- JWT (JSON Web Token) automatic prolongation of expiration
- Will web browsers cache content over https
- Best way to handle security and avoid XSS with user entered URLs
- Is it possible to reverse a SHA-1?
- How do you protect your software from illegal distribution? [closed]
- How can I throttle user login attempts in PHP
- Why is using a Non-Random IV with CBC Mode a vulnerability?
- Post form data using HttpWebRequest
- What is happening when I have two CSP (Content Security Policies) policies – header & meta?
- Username and password in https url
- What is the difference between a cer, pvk, and pfx file?
- Why do salts make dictionary attacks ‘impossible’?
- If you use HTTPS will your URL params will be safe from sniffing? [duplicate]
- When the bots attack! [closed]
- Should I impose a maximum length on passwords?
- Use App Scripts to open form and make a selection
- SSO with CAS or OAuth?
- What’s the best approach for generating a new API key?
- Best practices for server-side handling of JWT tokens [closed]
- How do I secure REST API calls?
- What are best practices for securing the admin section of a website? [closed]
- How can I hash passwords in postgresql?
- How is it possible to access memory of other processes?
- How do you protect code from leaking outside? [duplicate]
- Has Hardware Lock Elision gone forever due to Spectre Mitigation?