This week's book giveaway is in the OCMJEA forum.
We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line!
See this thread for details.
The moose likes Servlets and the fly likes Get vs post in servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Get vs post in servlets" Watch "Get vs post in servlets" New topic
Author

Get vs post in servlets

srikanth darbha
Greenhorn

Joined: May 19, 2013
Posts: 29
Hi,
can anyone help me the exact difference between get and post types as far as i have learnt the post type cannot carry parameters with its url where as get can carry parameters in its url,is this correct?,
keerthi vineela
Greenhorn

Joined: May 10, 2013
Posts: 24
Hi Srikanth,

The differences between GET and POST are

Get
--------
Through Get we can send only limited data ,maximum 1 KB.
Bookmarking is possible as we the parameters are appended to the URL.
Less secure as parameters are visible in URL.

Post
----
Sends unlimited data.
Bookmarking is not possible.
Secured.

go throgh the below link for more explanation
http://geekexplains.blogspot.in/2008/06/difference-between-get-and-post-methods.html
Gangadhara Rao Duvvarapu
Greenhorn

Joined: May 20, 2013
Posts: 6
Difference between GET and POST methods

Fundamental Difference is probably the Visibility - GET request is sent via the URL string (appended to the URI with a question-mark as separator), which is visible whereas POST request is encapsulated in the body of the HTTP request and can't be seen.
Length - Since, GET request goes via URL, so it has a limitation for its length. It can't be more than 255 characters long (though this is browser dependent, but usually the max is 255 characters only). Whereas no such maximum length limitation holds for the POST request for the obvious reason that it becomes a part of the body of the HTTP request and there is no size limitation for the body of an HTTP request/response.
Performance - GET request is comparatively faster as it's relatively simpler to create a GET request and the time spent in the encapsulation of the POST request in the HTTP body is saved in this case. In addition, the maximum length restriction facilitates better optimization of GET implementation.
Type of Data - GET request is sent via URL string and as we all know that URL can be text-only, so GET can carry only text data whereas POST has no such restriction and it can carry both text as well as binary data.
Caching/Bookmarking - again for the obvious reason that a GET request is nothing but an URL hence it can be cached as well as Bookmarked. No such luxuries with a POST request.
FORM Default - GET is the default method of the HTML FORM element. To submit a FORM using POST method, we need to specify the method attribute and give it the value "POST".
Data Set - GET requests are restricted to use ASCII characters only whereas POST requests can use the 'enctype' attribute with a value "multipart/form-data" to use the Universal Multiple-Octet Coded Character Set (UCS).
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41634
    
  55
Gangadhara Rao Duvvarapu wrote:Performance - GET request is comparatively faster as it's relatively simpler to create a GET request and the time spent in the encapsulation of the POST request in the HTTP body is saved in this case. In addition, the maximum length restriction facilitates better optimization of GET implementation.

I sincerely doubt that one could come up with a scenario where performance makes enough of a difference to trump other considerations (or even makes a measurable difference to begin with).


Ping & DNS - my free Android networking tools app
Jelle Klap
Bartender

Joined: Mar 10, 2008
Posts: 1761
    
    7

There's also the matter of safety and idempotence to consider. Note that these apply to the HTTP/1.1 method definitions and need not necessarily be applied to the corresponding methods of HttpServlet, doGet() and doPost(), although that is strongly advisable.


Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61106
    
  66

keerthi vineela wrote:
Secured.


FALSE.

This is a common myth. A POST is no more secure than a GET. SImply because the parameters are not available on the URL does not make them in any way more secure than the parameters that are exposed.

The myth of security is not why on should choose a POST over a GET. HTTP defined how these methods should be used. In a nutshell, a GET is used to fetch an idempotent resources, whils a POST can cause a non-ideomtpotent changes to the server.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41634
    
  55
Bear Bibeault wrote:A POST is no more secure than a GET.

Well... that depends on what "secure" means in this context. POST parameters are recorded in fewer places than GET parameters - which can end up being stored in browser histories, web server access logs, HTTP caches etc. In that sense POST data is more secure. With respect to being observed in traffic, there is no difference.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61106
    
  66

The lack of recording affords so little added security that it's barely a blip. I think far too many people think that sending something like a password in clear text is "secure" because a POST is used. It is not.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41634
    
  55
Bear Bibeault wrote:The lack of recording affords so little added security that it's barely a blip.

That depends on what kinds of attacks are anticipated. Saying that something is "secure" is generally only meaningful with respect to particular attacks. Sometimes it's the common attacks one wants to guard against, sometimes the not so common ones.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61106
    
  66

Sure, but my point is, using POST in no way makes the transmission "secure". Too many people that think if they can't see it on the screen, it's somehow "secure". It is not.

When people say "secured" they usually mean against all known types of attack. So saying "a POST is secured" is a falsehood. It is vulnerable to the most common types of attacks used.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Get vs post in servlets