Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

GET or POST which one is fast ?

 
Karn Kumar
Ranch Hand
Posts: 153
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All ,

Can anyone suggest which method out of GET or POST method is fast.

Thanks in advance to all of you...

Regards,
Chetan
 
Ashwin Sridhar
Ranch Hand
Posts: 277
Flex Oracle Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Performance has got nothing to do with HTTP method i suppose.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64700
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Assuming that the same processing is done for either method, there is no appreciable difference.
 
baji shaik
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Performance wise both are almost equal, but features wise we can differentiate these methods:

GET:
The request type is GET
It will show the parameters in the request URL, like as http:...../login.do?name=baji,password=***
The length of the query string(i.e URL) is limited

POST:
The request type is POST
It'll hide the requests parameters
The length of the query string(i.e URL) is much length than GET
More secure than GET


Regards,
Baji
 
Wouter Oet
Saloon Keeper
Posts: 2700
IntelliJ IDE Opera
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
baji shaik wrote:POST:
[...]
More secure than GET
Why would POST be more secure?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64700
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
POST is not more secure than GET. This is a common misconception. Just because the params are in the body rather than on the URL, this affords no extra level of security.
 
Rameshwar Soni
Ranch Hand
Posts: 247
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So according to you GET is more secure than POST. How?
 
Rameshwar Soni
Ranch Hand
Posts: 247
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:POST is not more secure than GET. This is a common misconception. Just because the params are in the body rather than on the URL, this affords no extra level of security.


So how GET is more secured than POST
 
Matthew Brown
Bartender
Posts: 4566
8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rameshwar Soni wrote:So how GET is more secured than POST

It isn't. They're as secure as each other.
 
Rameshwar Soni
Ranch Hand
Posts: 247
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Matthew Brown wrote:
Rameshwar Soni wrote:So how GET is more secured than POST

It isn't. They're as secure as each other.

Can you give an simple example to explain? So that i have a clear idea
 
Matthew Brown
Bartender
Posts: 4566
8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There's not much to explain. In both of them the parameters are sent in plain text in the HTTP request - just in a different part of the request. If you can intercept/fake/tamper with one of them, it's no more difficult to do it to the other.
 
Rameshwar Soni
Ranch Hand
Posts: 247
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply...
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18094
48
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I, too am curious about how POST and GET are equally insecure. If I'm not mistaken, when TLS is active, the body (headers, cookies, POST contents, etc.) are encrypted, but the URL cannot be because otherwise it wouldn't be routable.

As far as speed goes, a GET request is generally going to be physically smaller, so it will take less time to deal with. But that's only the tip of the iceberg. A get request that kicks off a major server-internal operation is going to lose that edge, and the size of the response is potentially the same for both GET and POST. So picking one over the other for performance reasons alone is a waste of time.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64700
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No mention of SSL was made, so my assumption was that there is none.

There's a great misconception that just because the parameter information is in the body of the request that this affords a level of security. It does not. Security is obtained through TLS/SSL.
 
karunakar bandi
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
user entered information is append to the url in a query string can only send limited amount of data
the size of the character is sending doget method in the get request will go through the header thats ways its limltation
example:- /servlet/view/firstname=karunakar&lastname=bandi


postmethods requests user entered information is send as adata(not append to url) can send any of data in post the request will go through the body
 
Wouter Oet
Saloon Keeper
Posts: 2700
IntelliJ IDE Opera
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim Holloway wrote:I, too am curious about how POST and GET are equally insecure. If I'm not mistaken, when TLS is active, the body (headers, cookies, POST contents, etc.) are encrypted, but the URL cannot be because otherwise it wouldn't be routable.
You're partially incorrect. An url looks like this: scheme://domain:port/path?query_string#fragment_id e.g. http://coderanch.com/forums?something=lalala. yet the only part needed for routing is the "coderanch.com" part. The rest isn't necessary for that and is in fact encrypted. Easy to understand example I found: here.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18094
48
Android Eclipse IDE Linux
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, the ENTIRE URL should be encryptable, and not just the query string. In any event, for full routability, you need the port number in addition to the hostname or IP address. Technically, you also need the context part of the URL, but I'll assume that the appserver has decrypted the data stream by that point.

The reason why (in theory) even the protocol/hostname/port should be encrypt-able is because the actual tcp/ip network communications protocol carries the IP address and port number in the packet header. If the destination port is set up for TLS (like port 443 and 8443 usually are), then the payload can be fully encrypted, including the GET command string. I think the plaintext hostname in the sample dump isn't actually part of the encrypted payload, but I'm too lazy to pull out tcpdump and verify it.
 
Karn Kumar
Ranch Hand
Posts: 153
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have one more doubt that is there any limit of the data in the POST method like GET where we are restricted at particular level.



 
singh gaurav
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
GET/POST both are HTTP methods,

GET sends data in name vale pair ,POST uses a Stream,GET is More fast but not secure,
GET method can carry only 1024 bit of data ,i dont know exactly, but i am sure it can carry limited amount of data.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64700
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
singh gaurav wrote:GET sends data in name vale pair ,POST uses a Stream

This is not accurate. GET params are encoded as name/value pairs on the query string, but POST can also be name/value pairs encoded into the body. In fact any textual data can be sent in the body, not a "stream" (whatever that means). The body could be XML, could be JSON, could be the Base64 encoding of a binary blob -- just about anything that's text.

GET is More fast but not secure,

Once again, GET is not "more fast". Any processing differences between a GET and a POST sending the same amount of data and processing the same way on the server will be completely trivial.

GET method can carry only 1024 bit of data

That actually depends upon the browser.
 
singh gaurav
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Bear Bibeault.... It may be possible ...i answered here in a layman terms ...and i suppose whatever i am saying here is true ...

consider this one "Now i can control a air craft ,a ship, fighter plane, a F1 car , a bus , metro train, super fast bullet train and all other many more things " by using my mobile phone in a single time instance but i need to update my mobile ..............

what it means ... in the same way you can secure a GET method / can send a xml/ or send name value pair via Post method...but you have to do a lot of complex implementations ,,,,,,,,,,,,,,,,,,,,,,,, hope you got my point ... and i am not expecting such type of comment from a very respected and a experience person....

[Not nice portion removed]
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64700
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
singh gaurav wrote:and i suppose whatever i am saying here is true ...

Sorry, no, There were factual errors in your post.

You stated that GET is faster than POST. Not true. It all depends on what the requests are doing, and if they are doing the exact same thing, the processing time will be so close as to be considered the same.

You stated that GET is not secure. POST is also not secure. No request is secure simple based upon the choice of method. Requests are secure by using SSL.

You stated that POST uses a "stream" while GETs use name/value pairs. POSTs store a text block in the body (which can be name/value pairs) not a s stream. Perhaps you are thinking about how the Servlets API allows you to read the POST body using a stream, but the content of the POST body is just text.

I'm sorry if it makes you feel bad to be corrected, but what you posted was not accurate and could be misleading to the novices in the audience.
 
Paul Anilprem
Enthuware Software Support
Ranch Hand
Posts: 3713
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If effort required to decipher/interpret the request is a measure of how secure it is, I would say POST is indeed more secure than GET. Certainly not substantially, I agree, but marginally.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64700
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Anilprem wrote:If effort required to decipher/interpret the request is a measure of how secure it is

It is not. How does that afford any level of security?

Besides, deciphering a POST is no more difficult that deciphering a corresponding GET.
 
Paul Clapham
Sheriff
Pie
Posts: 20958
31
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's more secure in the sense that closing your front door without locking it is more secure than leaving your front door open.
 
Paul Anilprem
Enthuware Software Support
Ranch Hand
Posts: 3713
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Clapham wrote:It's more secure in the sense that closing your front door without locking it is more secure than leaving your front door open.


You got it. It's more secure for the cats :)
 
Alexander Sales
Ranch Hand
Posts: 89
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
baji shaik wrote:
It will show the parameters in the request URL, like as http:...../login.do?name=baji,password=***


Is the url given legal?
 
Elchin Asgarli
Ranch Hand
Posts: 222
Chrome Eclipse IDE Google Web Toolkit
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
POST is secure only if used with SSL. SSL does not encrypt query string, so even if you use GET and SSL, it will be still unsecure.
 
Pete Nelson
Ranch Hand
Posts: 147
Debian Eclipse IDE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The difference between GET and POST is not so much about security, but about idempotence. Take a look at what HTTP creator Tim Berners-Lee has to say about GET and POST - http://www.w3.org/Provider/Style/Input.html .
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic