All videos are amazing, I have been working in the security domain, for me, some network concepts were not clear, but your videos make it so easy, keep making videos, also can you make API keys vs OAuth videos from a security standpoint, when to use what
Nice comparison. Idempotent was confusing. And what is your opinion about using Headers in GET request to send small amount of data securely to server ?🙄
There is nothing that prohibits a GET request from containing a body. For example, if the URL for a specific response is becoming too long and cumbersome this information can be included within the body of the GET request to be parsed by the server. Allowing for a larger data request limit when using GET.
Hi hussein, I think POST itself doesn't change the data on the server, its the developer who choose to change the data or not. So, in my opinion we can't consider POST safe because of that reason. But We could say POST is safe maybe because its hides the parameters ( data ) that is sent.
Ahmed El Atari hey Ahmed, yes its the developer that make the decision to comply with the HTTP standard and follow it or not. By definition POST is not supposed to be safe while GET is safe: If the developer implement GET and in the backend they inserted a new resource or updated the postgres row than its no longer safe so its so dangerous because browsers assume GET is safe and they implement code based on this.
Dear bro . I'm looking for get and post method for one special problem and i cant found it in your video but i know you can do it . I need to know how i can use get and post method for captcha code when the server is so busy and captcha code not shown . Do you think that its possible to appear captcha code on busy or overloaded sites by get and post method. Tnx
Thanks Brother, couple of questions like as usual :) I haven't seen your video about E-Tags. If you have already covered following questions in E-tags video. please ignore it. -> 1. will pre-fetching & caching default applies to GET request like browser implements them ? or any customizations needed ? -> 2. In the case of caching, client will always send a request to server. whether there is a change in content or not. however, imagine there is a situation where there will be no change in data for next 24 hrs. can i cache this data in localStorage object in browser with key as date. before sending request to the client. I will check whether there is data for today in localStorage object. if it is , I can use it otherwise i will send a request.. is it safe to use this pattern or localStorage implementation is based on browser like google has this. I am not sure about other browsers.. -> 3. I hope, for above pattern we cannot use pre-fetching. because browser makes a smart decision whether the request has to be sent or not. is it applies only to images and binary data.. or any other data too like simple text.. I just started my career in development field. that's the reason, i am asking so many questions... Thank you !!
Great questions! 1) prefetching is implemented by the browser, if you write your own app you will have to do the prefetching 2) the browser always sends the request if it was asked to (script call) the server tells the client if the content has changed, your idea is amazing 😉 you can sure cache things to safe yourself the extra request that are useless. That being said , those requests dont cost much because the response is empty.. 3) you can override browser’s prefetching i believe
I don't want to mix up this question with previous one's.. I am creating a new comment.. While reading mozilla document on HTTP. I found following sentence under webserver section ( developer.mozilla.org/en-US/docs/Web/HTTP/Overview) A server is not necessarily a single machine, but several server software instances can be hosted on the same machine. With HTTP/1.1 and the Host header, they may even share the same IP address. Question : why we need to install several server software instances on the same machine. is it like, on port 80 we are using some application and another port 8080 we are running some other application.. can't we do this single server software instance ? Thanks mentor for all the help you are providing..
Great question again this is called SNI (server name indication) . You host multiple servers in a single machine to host multiple websites over a single static public ip address to save money since ips are expensive. Instead of having three public IP addresses you can have one public ip address point to a machine hosting 3 servers Enjoy ua-cam.com/video/t0zlO5-NWFU/v-deo.html
Wow, these videos actually explain the concepts without copying and pasting wikipedia like all the others!
Awesome explaination...I am a tester and now I remember that developers used only post requests. That time I was very surprised hows it possible :D
All videos are amazing, I have been working in the security domain, for me, some network concepts were not clear, but your videos make it so easy, keep making videos, also can you make API keys vs OAuth videos from a security standpoint, when to use what
You can add body to get request easily.
You are best bro, i guess im addicted to your videos about network :)
Thanks Eren! What do you want to see next so I add it to my list of videos to make
@@hnasr Might be web scraping with nodejs.
@@hnasr Or how arp attacks works might be great.
Nice comparison.
Idempotent was confusing.
And what is your opinion about using Headers in GET request to send small amount of data securely to server ?🙄
There is nothing that prohibits a GET request from containing a body. For example, if the URL for a specific response is becoming too long and cumbersome this information can be included within the body of the GET request to be parsed by the server. Allowing for a larger data request limit when using GET.
Therapist: the uncanny valley of accents doesn't exist
The uncanny valley of accents:
Hi hussein,
I think POST itself doesn't change the data on the server, its the developer who choose to change the data or not.
So, in my opinion we can't consider POST safe because of that reason.
But We could say POST is safe maybe because its hides the parameters ( data ) that is sent.
Ahmed El Atari hey Ahmed, yes its the developer that make the decision to comply with the HTTP standard and follow it or not. By definition POST is not supposed to be safe while GET is safe: If the developer implement GET and in the backend they inserted a new resource or updated the postgres row than its no longer safe so its so dangerous because browsers assume GET is safe and they implement code based on this.
Very Nice explanation but instead of explaining what does GET and POST actually mean in detail, you explained other things
very informative, lots of things i learned . thanks
Super helpful, thanks!
at 8:42 I did not understand your example with the email. Would you care to explain?
Minor nit .. (well many not minor) .. you can technically have a body in a GET request
Thanks, helped a lot.
Amazing explanation.
Awesome explaination!
Perfectly splendid
Dear bro .
I'm looking for get and post method for one special problem and i cant found it in your video but i know you can do it .
I need to know how i can use get and post method for captcha code when the server is so busy and captcha code not shown . Do you think that its possible to appear captcha code on busy or overloaded sites by get and post method.
Tnx
Nice
Dude ur Awesome !
ONM Roman thanks! You are more awesome thanks for your message ❤️
Thank you very much for your content, its super valuable
Thanks Brother, couple of questions like as usual :) I haven't seen your video about E-Tags. If you have already covered following questions in E-tags video. please ignore it.
-> 1. will pre-fetching & caching default applies to GET request like browser implements them ? or any customizations needed ?
-> 2. In the case of caching, client will always send a request to server. whether there is a change in content or not. however, imagine there is a situation where there will be no change in data for next 24 hrs. can i cache this data in localStorage object in browser with key as date. before sending request to the client. I will check whether there is data for today in localStorage object. if it is , I can use it otherwise i will send a request.. is it safe to use this pattern or localStorage implementation is based on browser like google has this. I am not sure about other browsers..
-> 3. I hope, for above pattern we cannot use pre-fetching. because browser makes a smart decision whether the request has to be sent or not. is it applies only to images and binary data.. or any other data too like simple text..
I just started my career in development field. that's the reason, i am asking so many questions... Thank you !!
Great questions!
1) prefetching is implemented by the browser, if you write your own app you will have to do the prefetching
2) the browser always sends the request if it was asked to (script call) the server tells the client if the content has changed, your idea is amazing 😉 you can sure cache things to safe yourself the extra request that are useless. That being said , those requests dont cost much because the response is empty..
3) you can override browser’s prefetching i believe
@@hnasr Thank you, I will look into overriding prefetching stuff..
your good..
no examples
Hi Hussein,
Can we cache get request, If yes then what is the use of caching get request.
Abhishek SHARMA hey! Sure you can cache get requests and I explain that in in minute 8:30
I don't want to mix up this question with previous one's.. I am creating a new comment..
While reading mozilla document on HTTP. I found following sentence under webserver section ( developer.mozilla.org/en-US/docs/Web/HTTP/Overview)
A server is not necessarily a single machine, but several server software instances can be hosted on the same machine. With HTTP/1.1 and the Host header, they may even share the same IP address.
Question : why we need to install several server software instances on the same machine. is it like, on port 80 we are using some application and another port 8080 we are running some other application.. can't we do this single server software instance ?
Thanks mentor for all the help you are providing..
Great question again this is called SNI (server name indication) . You host multiple servers in a single machine to host multiple websites over a single static public ip address to save money since ips are expensive. Instead of having three public IP addresses you can have one public ip address point to a machine hosting 3 servers
Enjoy ua-cam.com/video/t0zlO5-NWFU/v-deo.html
@@hnasr Thanks for the video, I will add it to my watch list..
Better
Add a comment...