HTTPS/SSL
socket level encryption,
- shared public certification, C/S can encrypt, but only its own can do decryption.
GET - for fetch/get something
- privacy issue: can be cached in history,bookmark, local storage
- when browser refresh, will not ask for send new form
- security issue: parameters in the URL, well we can add encryption for parameters value
- length issue: browser may limit the length of URL
- data issue: parameters must be ASCII characters, in the http header
POST - for update/create something
- cannot be cached, history or bookmark or local storage
- when browser refresh, will ask for send new form
- a slight better security than GET, parameters in the body part, that easy to be encrypted
- length is unlimited
- data can be everything, such as binary