DEV Community

Discussion on: Spring Security with JWT

Collapse
 
navjot50 profile image
Navjot

But sending the username and password in url localhost:8080/api/authenticate?us... , isn't it a security flaw itself?

Collapse
 
kubadlo profile image
Jakub Leško

For example purposes it's fine. Also, if you're using HTTPS then no one will see query params.

You can send username and password as standard POST data with content-type application/x-www-form-urlencoded and then those params will not be part of the URL.