Password Sent in HTTP Query
URLs are stored in log files and might be sent in the
referer HTTP request header to other websites. Passing sensitive information like passwords as part of the URL might disclose this information to an unauthorized actor. This risk is increased when the traffic is not encrypted.
Use the HTTP
POST method and the request body for sending sensitive information.