A web browser is a very powerful tool. it gives you the ability to send data from your computer to a server in real time. Understanding how send data is an important security consideration, especially if you're using an API. (Application Programming Interface)

We're going to use a simply analogy of post. Yep, letters and traditional non technical solutions. Security is a huge aspect when sending information. This is why envelopes were invented. If you wanted to keep something secure, you put it in the envelope, sealed it and sent it.

Modern day web communications are very similar. The server can access data using one of two methods

• Request.QueryString
• Request.Form

The first one says, if you're looking for information you'll find it written ON the envelope. The second says, you'll find the information IN the envelope.

It's really easy to scribble a message on the outside of the envelope but then every postman who's delivering the message can read the information. If it's in the envelope it's a lot more secure.

As a developer you have total control of how you set things up. On or In the envelope it's up to you. For security the All n One team, strongly recommend you use IN the envelope. HTTPS the security protocol encrypts and protects the contents of the message. It's not infallible (you can steam an envelope open as well) but it makes it harder, a lot harder to see what's in the envelope.

So please consider using POST variables (inside the envelope) instead of URL query string parameters (on the envelope) for your own security. bxp accepts both but we think you should always opt for the more secure option.