Pushing Left, Like a Boss, Part 5.7 URL Parameters

SheHacksPurple
Published in Code Like A Girl
Jan 25, 2019


This series, and my blog, has moved! Check it out!

The previous article in this series is Part 5.6 Redirects and Forwards.

Never put important information in the URL parameters of your application. When I say “important”, I mean something that could potentially be used to make a non-trivial decision in your application. The same goes for hidden fields: don’t store or pass anything valuable there either. Important information must be transmitted in a secure manner, and hidden fields and URL parameters are not the place for that.
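The rule above as an added example, not code from the original post: a checkout total computed once from values trusted out of the URL, and once from server-side state with the URL carrying only a validated item id and quantity. The catalogue, session store, parameter names and the `shop.example` URL are all constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed server-side data (hypothetical catalogue and session store).
CATALOGUE = {"sku-100": 4999, "sku-200": 1250}  # price in cents
SESSIONS = {"sess-abc": {"user": "alice", "discount_pct": 0},
            "sess-xyz": {"user": "bob", "discount_pct": 10}}


def _params(url):
    """Return the first value of each query parameter in the URL."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def unsafe_total(url):
    """Anti-pattern: price and discount are read from the URL and trusted."""
    p = _params(url)
    price = int(p["price"])
    discount = int(p.get("discount_pct", 0))
    return price * int(p["qty"]) * (100 - discount) // 100


def safe_total(url, session_id):
    """URL supplies only an item id and quantity, both validated.
    Price and discount are looked up in server-side state."""
    p = _params(url)
    session = SESSIONS.get(session_id)
    if session is None:
        raise PermissionError("unknown session")
    sku = p.get("sku", "")
    if sku not in CATALOGUE:
        raise ValueError("unknown item")
    qty = int(p.get("qty", "1"))  # raises ValueError if not numeric
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOGUE[sku] * qty * (100 - session["discount_pct"]) // 100


# Constructed request whose price and discount parameters were edited client-side.
TAMPERED = ("https://shop.example/checkout"
            "?sku=sku-100&qty=2&price=1&discount_pct=90")

if __name__ == "__main__":
    print("unsafe total (cents):", unsafe_total(TAMPERED))
    print("safe total (cents):  ", safe_total(TAMPERED, "sess-abc"))
```

The extra `price` and `discount_pct` parameters are simply ignored by `safe_total`, so the same request yields the catalogue price regardless of what the URL claims.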

Franziska Bühler and I at the Open Security Summit, 2018

Read the rest on my new blog!
