Flexibility Vs. Security
A URL query string allows for flexibility in retrieving data from a web server and possibly from the database used to populate pages for that web server. A read only data store, such as a weather mapping service, is one example where URL query strings can be used with great flexibility.
In some circumstances, a URL query string may expose security issues because it can be edited by a user to retrieve data that they do not have access to. In particular, a URL query string containing a username and password could be used with a dictionary attack to guess at valid login credentials to a particular web site. This concern is not specific to query strings—form data submitted via POST can also be similarly retrieved and edited by the user, with the appropriate browser extensions. Most secure webservers use at least MD5 hash checking, or more powerful encoding methods to validate all given strings.
Read more about this topic: Query String
Famous quotes containing the word security:
“Those words freedom and opportunity do not mean a license to climb upwards by pushing other people down. Any paternalistic system that tries to provide for security for everyone from above only calls for an impossible task and a regimentation utterly uncongenial to the spirit of our people.”
—Franklin D. Roosevelt (18821945)