GET or POST which one is fast ?

Karn Kumar
Ranch Hand

Joined: Aug 06, 2009
Posts: 146

Hi All,

Can anyone suggest which method, GET or POST, is faster?

Thanks in advance to all of you...

Regards,
Chetan
Ashwin Sridhar
Ranch Hand

Joined: Jul 09, 2011
Posts: 272

Performance has got nothing to do with the HTTP method, I suppose.


Ashwin Sridhar
SCJP | SCWCD | OCA
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434

Assuming that the same processing is done for either method, there is no appreciable difference.


baji shaik
Greenhorn

Joined: Aug 12, 2011
Posts: 1
Hi,

Performance-wise both are almost equal, but feature-wise we can differentiate these methods:

GET:
The request type is GET
It will show the parameters in the request URL, like http:...../login.do?name=baji,password=***
The length of the query string (i.e. URL) is limited

POST:
The request type is POST
It'll hide the request parameters
The length of the query string (i.e. URL) is much longer than GET
More secure than GET


Regards,
Baji
Wouter Oet
Saloon Keeper

Joined: Oct 25, 2008
Posts: 2700

baji shaik wrote:POST:
[...]
More secure than GET
Why would POST be more secure?


"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." --- Martin Fowler
Please correct my English.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434

POST is not more secure than GET. This is a common misconception. Just because the params are in the body rather than on the URL, this affords no extra level of security.
Rameshwar Soni
Ranch Hand

Joined: Feb 03, 2011
Posts: 247
So according to you GET is more secure than POST. How?
Rameshwar Soni
Ranch Hand

Joined: Feb 03, 2011
Posts: 247
Bear Bibeault wrote:POST is not more secure than GET. This is a common misconception. Just because the params are in the body rather than on the URL, this affords no extra level of security.


So how is GET more secure than POST?
Matthew Brown
Bartender

Joined: Apr 06, 2010
Posts: 4422

Rameshwar Soni wrote:So how is GET more secure than POST?

It isn't. They're as secure as each other.
Rameshwar Soni
Ranch Hand

Joined: Feb 03, 2011
Posts: 247
Matthew Brown wrote:
Rameshwar Soni wrote:So how is GET more secure than POST?

It isn't. They're as secure as each other.

Can you give a simple example to explain, so that I have a clear idea?
Matthew Brown
Bartender

Joined: Apr 06, 2010
Posts: 4422

There's not much to explain. In both of them the parameters are sent in plain text in the HTTP request - just in a different part of the request. If you can intercept/fake/tamper with one of them, it's no more difficult to do it to the other.
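
Added example (not part of the original thread): the point in the post above, shown on two constructed plain-HTTP requests that submit the same login form. The host `example.test`, the password value and the function name `visible_params` are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample requests (not captured traffic): the same form
# submitted once with GET and once with POST, both without TLS.
GET_REQUEST = (
    b"GET /login.do?name=baji&password=s3cret HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"\r\n"
)
POST_REQUEST = (
    b"POST /login.do HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 25\r\n"
    b"\r\n"
    b"name=baji&password=s3cret"
)


def visible_params(raw: bytes) -> dict:
    """Return every form parameter readable from an unencrypted request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)

    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    # Parameters carried on the request line (how a GET form submits).
    params = dict(parse_qsl(urlsplit(target).query))

    # Parameters carried in the body (how a POST form submits).
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        length = int(headers.get("content-length", len(body)))
        params.update(parse_qsl(body[:length].decode("iso-8859-1")))
    return params


if __name__ == "__main__":
    print("GET :", visible_params(GET_REQUEST))
    print("POST:", visible_params(POST_REQUEST))
```

Both calls return the same name/value pairs; the only difference is which part of the request they were read from.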
Rameshwar Soni
Ranch Hand

Joined: Feb 03, 2011
Posts: 247
Thanks for the reply...
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145

I, too, am curious about how POST and GET are equally insecure. If I'm not mistaken, when TLS is active, the body (headers, cookies, POST contents, etc.) is encrypted, but the URL cannot be because otherwise it wouldn't be routable.

As far as speed goes, a GET request is generally going to be physically smaller, so it will take less time to deal with. But that's only the tip of the iceberg. A GET request that kicks off a major server-internal operation is going to lose that edge, and the size of the response is potentially the same for both GET and POST. So picking one over the other for performance reasons alone is a waste of time.


Customer surveys are for companies who didn't pay proper attention to begin with.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434

No mention of SSL was made, so my assumption was that there is none.

There's a great misconception that just because the parameter information is in the body of the request that this affords a level of security. It does not. Security is obtained through TLS/SSL.
karunakar bandi
Greenhorn

Joined: Aug 12, 2011
Posts: 1
User-entered information is appended to the URL in a query string, so it can only send a limited amount of data.
There is a limit on the number of characters sent with the doGet method; in a GET request the data goes through the header, which is why it has this limitation.
Example: /servlet/view/firstname=karunakar&lastname=bandi


In POST method requests, user-entered information is sent as data (not appended to the URL), so it can send any amount of data; in POST the request goes through the body.
Wouter Oet
Saloon Keeper

Joined: Oct 25, 2008
Posts: 2700

Tim Holloway wrote:I, too, am curious about how POST and GET are equally insecure. If I'm not mistaken, when TLS is active, the body (headers, cookies, POST contents, etc.) is encrypted, but the URL cannot be because otherwise it wouldn't be routable.
You're partially incorrect. A URL looks like this: scheme://domain:port/path?query_string#fragment_id e.g. http://coderanch.com/forums?something=lalala. Yet the only part needed for routing is the "coderanch.com" part. The rest isn't necessary for that and is in fact encrypted. Easy to understand example I found: here.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145

Actually, the ENTIRE URL should be encryptable, and not just the query string. In any event, for full routability, you need the port number in addition to the hostname or IP address. Technically, you also need the context part of the URL, but I'll assume that the appserver has decrypted the data stream by that point.

The reason why (in theory) even the protocol/hostname/port should be encrypt-able is because the actual TCP/IP network communications protocol carries the IP address and port number in the packet header. If the destination port is set up for TLS (like port 443 and 8443 usually are), then the payload can be fully encrypted, including the GET command string. I think the plaintext hostname in the sample dump isn't actually part of the encrypted payload, but I'm too lazy to pull out tcpdump and verify it.
Karn Kumar
Ranch Hand

Joined: Aug 06, 2009
Posts: 146

Hi All,

I have one more doubt: is there any limit on the data in the POST method, like GET, where we are restricted at a particular level?



singh gaurav
Ranch Hand

Joined: Mar 28, 2010
Posts: 42
GET and POST are both HTTP methods.

GET sends data in name value pair, POST uses a Stream, GET is More fast but not secure.
GET method can carry only 1024 bit of data, I don't know exactly, but I am sure it can carry a limited amount of data.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434

singh gaurav wrote:GET sends data in name value pair, POST uses a Stream

This is not accurate. GET params are encoded as name/value pairs on the query string, but POST can also be name/value pairs encoded into the body. In fact any textual data can be sent in the body, not a "stream" (whatever that means). The body could be XML, could be JSON, could be the Base64 encoding of a binary blob -- just about anything that's text.

singh gaurav wrote:GET is More fast but not secure

Once again, GET is not "more fast". Any processing differences between a GET and a POST sending the same amount of data and processing the same way on the server will be completely trivial.

singh gaurav wrote:GET method can carry only 1024 bit of data

That actually depends upon the browser.
singh gaurav
Ranch Hand

Joined: Mar 28, 2010
Posts: 42
@Bear Bibeault... It may be possible... I answered here in layman's terms... and I suppose whatever I am saying here is true...

Consider this one: "Now I can control an aircraft, a ship, a fighter plane, an F1 car, a bus, a metro train, a super-fast bullet train and many more things" by using my mobile phone in a single time instance, but I need to update my mobile...

What it means... in the same way you can secure a GET method / can send XML / or send name/value pairs via the POST method... but you have to do a lot of complex implementation... Hope you got my point... and I am not expecting such a type of comment from a very respected and experienced person...

[Not nice portion removed]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434

singh gaurav wrote:and I suppose whatever I am saying here is true...

Sorry, no. There were factual errors in your post.

You stated that GET is faster than POST. Not true. It all depends on what the requests are doing, and if they are doing the exact same thing, the processing time will be so close as to be considered the same.

You stated that GET is not secure. POST is also not secure. No request is secure simply based upon the choice of method. Requests are secure by using SSL.

You stated that POST uses a "stream" while GETs use name/value pairs. POSTs store a text block in the body (which can be name/value pairs), not a stream. Perhaps you are thinking about how the Servlets API allows you to read the POST body using a stream, but the content of the POST body is just text.

I'm sorry if it makes you feel bad to be corrected, but what you posted was not accurate and could be misleading to the novices in the audience.
Paul Anilprem
Enthuware Software Support
Ranch Hand

Joined: Sep 23, 2000
Posts: 3314
If effort required to decipher/interpret the request is a measure of how secure it is, I would say POST is indeed more secure than GET. Certainly not substantially, I agree, but marginally.


Enthuware - Best Mock Exams and Questions for Oracle/Sun Java Certifications
Quality Guaranteed - Pass or Full Refund!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434

Paul Anilprem wrote:If effort required to decipher/interpret the request is a measure of how secure it is

It is not. How does that afford any level of security?

Besides, deciphering a POST is no more difficult than deciphering a corresponding GET.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18669

It's more secure in the sense that closing your front door without locking it is more secure than leaving your front door open.
Paul Anilprem
Enthuware Software Support
Ranch Hand

Joined: Sep 23, 2000
Posts: 3314
Paul Clapham wrote:It's more secure in the sense that closing your front door without locking it is more secure than leaving your front door open.


You got it. It's more secure for the cats :)
Alexander Sales
Ranch Hand

Joined: Feb 21, 2011
Posts: 89

baji shaik wrote:
It will show the parameters in the request URL, like http:...../login.do?name=baji,password=***


Is the URL given legal?


OCPJP 6, OCEWCD Java EE 6
Elchin Asgarli
Ranch Hand

Joined: Mar 08, 2010
Posts: 222

POST is secure only if used with SSL. SSL does not encrypt the query string, so even if you use GET and SSL, it will still be insecure.


Personal page, SCJP 6 with 91%, SCWCD 5 with 84%, OCMJD
Pete Nelson
Ranch Hand

Joined: Aug 30, 2010
Posts: 147

The difference between GET and POST is not so much about security, but about idempotence. Take a look at what HTTP creator Tim Berners-Lee has to say about GET and POST - http://www.w3.org/Provider/Style/Input.html .

OCPJP
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower
 