Avoinding exposure of sensitive data passed in arguments of the URL


What is the best way to protect our application, avoiding the exposure of sensitive data in the URL?
Using POSTs instead of GETs or using Session variables?

Can someone give me a good explanation? :)

Hi Miguel,

What are the scenarios you're thinking of? Typically, you'd pass an Id as input parameter to a details screen, and query the database based on that Id in the Preperation. With REST services, you can put parameters in the Header or the Body instead of the URL if they contain sensitive information.