On Sat, Oct 20, 2018, 19:20 messido <[email protected]> wrote:
> Speaking off passing parameters, is there a safer way to pass parameters > from > JS to Java than sending them as HTTP request parameters? It is incorrect to think of GET vs. POST as unsafe. It is true that you should generally not include sensitive information in the URL visible in the browser. This has no bearing on visibility of data sent strictly via JavaScript, and no bearing on whether that data will be readable if intercepted by a third party (it will be regardless of HTTP method unless you use proper encryption). As far as security goes, be sure to use SSL/TLS, and be sure that you do not allow users to arbitrarily dictate connection parameters. - Mike
