Flexibility Vs. Security
A URL query string allows for flexibility in retrieving data from a web server and possibly from the database used to populate pages for that web server. A read only data store, such as a weather mapping service, is one example where URL query strings can be used with great flexibility.
In some circumstances, a URL query string may expose security issues because it can be edited by a user to retrieve data that they do not have access to. In particular, a URL query string containing a username and password could be used with a dictionary attack to guess at valid login credentials to a particular web site. This concern is not specific to query strings—form data submitted via POST can also be similarly retrieved and edited by the user, with the appropriate browser extensions. Most secure webservers use at least MD5 hash checking, or more powerful encoding methods to validate all given strings.
Read more about this topic: Query String
Famous quotes containing the word security:
“Is a Bill of Rights a security for [religious liberty]? If there were but one sect in America, a Bill of Rights would be a small protection for liberty.... Freedom derives from a multiplicity of sects, which pervade America, and which is the best and only security for religious liberty in any society. For where there is such a variety of sects, there cannot be a majority of any one sect to oppress and persecute the rest.”
—James Madison (1751–1836)