PrepAway - Latest Free Exam Questions & Answers

How would you protect from this type of attack?

The GET method should never be used when sensitive data such as credit card information is being sent to a CGI program. This is because the data in any GET request appears in the URL and will be logged by any servers. For example, let’s say that you’ve entered your credit card information into a form that uses the GET method. The URL may appear like this:

https://www.xsecurity-bank.com/creditcard.asp?cardnumber=454543433532234

The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information.

How would you protect from this type of attack?

A. Replace the GET with POST method when sending data

B. Never include sensitive information in a script

C. Use HTTPS SSLv3 to send the data instead of plain HTTPS

D. Encrypt the data before you send using GET method

Explanation:
If the method is “get”, the user agent takes the value of action, appends a “?” to it, then appends the form data set, encoded using the application/x-www-form-urlencoded content type. The user agent then traverses the link to this URI. If the method is “post”, the user agent conducts an HTTP post transaction using the value of the action attribute and a message created according to the content type specified by the enctype attribute.
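
An added example, not part of the original question or explanation: a small access-log audit that finds and redacts sensitive values that GET form submissions left in logged URLs, which is the exposure the question describes. The sensitive-name list, the `/pay` and `/search` requests and all log lines are constructed assumptions; only the `creditcard.asp` URL comes from the page.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

SENSITIVE_NAMES = {"cardnumber", "cvv", "password"}  # assumed list, extend per application
# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def is_sensitive(name, value):
    """Flag by parameter name, or by a Luhn-valid 13-19 digit value under any name."""
    compact = re.sub(r"[ -]", "", value)
    looks_like_pan = compact.isdigit() and 13 <= len(compact) <= 19 and luhn_ok(compact)
    return name.lower() in SENSITIVE_NAMES or looks_like_pan


def scrub_line(line):
    """Return (redacted_line, [leaked parameter names]) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [k for k, v in pairs if is_sensitive(k, v)]
    if not leaked:
        return line, []  # POST bodies and harmless query strings pass through untouched
    clean = urlencode([(k, "REDACTED" if k in leaked else v) for k, v in pairs])
    target = urlunsplit(parts._replace(query=clean))
    return line[:m.start("target")] + target + line[m.end("target"):], leaked


# Constructed sample log lines (203.0.113.0/24 is a documentation address range).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /creditcard.asp?cardnumber=454543433532234 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "POST /creditcard.asp HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /pay?ref=4111111111111111&lang=en HTTP/1.1" 200 87',
    '203.0.113.9 - - [10/Oct/2023:13:58:40 +0000] "GET /search?q=routers&page=2 HTTP/1.1" 200 940',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(*scrub_line(entry), sep=" | leaked: ")
```

The POST entry carries no card number in the logged request line because the form data travels in the message body, which standard access logs do not record.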
