Handle query strings in Laravel and how secure are they
I want to know how secure it is to handle POST requests with query strings, and if it's not secure, how can I prevent the user from sending any query string to my API? Right now the user is able to send any query string, regardless of whether it is the right query string or a wrong one. And in the end, can $request get the data from the body (sent from the Postman app)?
Query strings are never really secure since they are sent as plain text and are therefore quite easy to update:
?sort=desc
In your API you can just ignore any query string added to the call.
If you have route parameters like 'posts/{id}', or pretty URLs as they are also called, you still have the issue that the user can change them, and you have to handle that gracefully.
You can send it in the request header; that way it won't be visible to the user in the URL, but it's still not 100% secure since the user can spoof those, though it's a bit harder.
Anyway, whichever way you choose, you need to make sure the passed data isn't dangerous and doesn't make your application throw unhandled exceptions.
Query string parameters are just as secure as POST body parameters. There is zero impact on security, whatever the request method is or wherever you put your parameters.
If you want your parameters to be secured from anyone except the host server, just use HTTPS.
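For the two things the question asks (refusing query strings the API does not expect, and reading data from the body), here is an added example that is not part of the original question or answers. The middleware name, routes and validation rules are assumptions made for illustration; the Laravel calls used are query(), post(), validate() and the validator() helper.

```php
<?php
// --- app/Http/Middleware/RejectUnexpectedQueryString.php (hypothetical name) ---
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class RejectUnexpectedQueryString
{
    // $allowed comes from the route definition, e.g. "...:sort".
    public function handle(Request $request, Closure $next, string ...$allowed)
    {
        // query() returns only the URL query string, never the body.
        $unexpected = array_diff(array_keys($request->query()), $allowed);

        if ($unexpected !== []) {
            return response()->json([
                'message' => 'Unexpected query string parameter(s).',
                'parameters' => array_values($unexpected),
            ], 400);
        }

        return $next($request);
    }
}

// --- routes/api.php (separate file; routes and rules are constructed for this example) ---
use App\Http\Middleware\RejectUnexpectedQueryString;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// POST: no query keys allowed; data is read from the body only.
Route::post('/posts', function (Request $request) {
    // post() reads the request body (form or JSON), not the query string.
    $data = validator($request->post(), [
        'title' => ['required', 'string', 'max:255'],
        'body'  => ['required', 'string'],
    ])->validate(); // throws ValidationException (422 for JSON clients) on bad input

    return response()->json(['accepted' => $data], 201);
})->middleware(RejectUnexpectedQueryString::class);

// GET: only ?sort= is accepted, and only with a known value.
Route::get('/posts', function (Request $request) {
    $sort = $request->validate(['sort' => ['sometimes', 'in:asc,desc']])['sort'] ?? 'asc';

    return response()->json(['sort' => $sort]);
})->middleware(RejectUnexpectedQueryString::class . ':sort');
```

Note that $request->input() and $request->all() merge the query string with the body, which is why the POST route reads from post() instead.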