RESTful search using POST vs GET on #FHIR
I got a question: Can you address a specific example of the intersection of FHIR standards and OWASP guidance? The FHIR spec allows for sensitive ids such as patient identifier to be used on the query string when searching for a patient. See the following:

https://try.smilecdr.com:8000/baseR4/Patient?identifier=47

However, the folks at OWASP consider this practice a vulnerability:

https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
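The contrast the question draws, as an added example that is not part of the original post: the FHIR specification also defines a POST form of search, `POST [base]/[type]/_search`, with the parameters in an `application/x-www-form-urlencoded` body. This sketch rewrites the GET URL quoted above into that form and compares the request line an access log would retain in each case. The function names are hypothetical and no request is sent.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def get_search_to_post(url):
    """Rewrite a FHIR GET search URL as the equivalent POST [type]/_search request.

    Every search parameter is moved from the query string into the form body,
    so nothing sensitive remains in the request target.
    """
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    path = parts.path.rstrip("/")
    if not path.endswith("/_search"):
        path += "/_search"
    return {
        "method": "POST",
        "url": urlunsplit((parts.scheme, parts.netloc, path, "", "")),
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(params),  # percent-encodes ':', '/', '|' in system|value tokens
    }


def request_line(method, url):
    """Request line as access logs, proxy logs and browser history typically keep it."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    return f"{method} {target} HTTP/1.1"


if __name__ == "__main__":
    # URL taken from the question above.
    get_url = "https://try.smilecdr.com:8000/baseR4/Patient?identifier=47"
    post = get_search_to_post(get_url)

    print(request_line("GET", get_url))            # identifier visible in the target
    print(request_line(post["method"], post["url"]))  # identifier absent from the target
    print(post["headers"], post["body"])
```

The identifier still travels in the request body, so TLS is still required and any middleware that logs request bodies needs the same scrutiny as URL logging.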