DEV Community

Discussion on: RESTful without HTTP Verbs

aggieben profile image
Ben Collins

"Hops in between" for HTTP that matter at all to this discussion would only include SSL-terminating HTTP proxies, and they can log the fully payload if their operators so desired and there's nothing you could do about that. Presumably any such proxies would be fully trusted by either the server or the client or both. So for our purposes, intermediate hops are irrelevant.

Thread Thread
carywreams profile image
Cary Reams Author

Thought that encryption applied to the POST payload, but not the information appearing along with the URL (GET parameters?).

Thread Thread
aggieben profile image
Ben Collins

Encryption is only applicable in end-to-end scenarios, in which case intermediate hops are totally irrelevant - you either don't have them at all, or they're just TCP proxies / IP routers which see nothing but the TCP/IP headers.

If you have a ssl-terminating proxy (i.e., it intercepts your SSL traffic and re-encrypts it to relay it to the final destination) it can log everything.

There's nothing in between.