RESTful search using POST vs GET on #FHIR

Cybersecurity
Opsfolio Community
June 22, 2022, 12 months ago
154

I got a Question: Can you address a specific example of the intersection of FHIR standards and OWASP guidance? The FHIR spec allows for sensitive ids such as patient identifier to be used on the query string when searching for a patient. See the following:https://try.smilecdr.com:8000/baseR4/Patient?identifier=47However, the folks at OWASP consider this practice a vulnerability:https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_urlInformation exposure through query strings in url - OWASPDescription. Information exposure through query strings in URL is when sensitive data is passed to parameters in the URL. This...

Source: http://healthcaresecprivacy.blogspot.com/2022/06/restful-search-using-post-vs-get-on-fhir.html

RESTful search using POST vs GET on #FHIR

RESTful search using POST vs GET on #FHIR

Subscribe To Our Newsletter!

Popular Posts

What A Cybersecurity Degree Teach You About Protecting Businesses Against Threats

Steps to creating a healthcare app

Cybersecurity Tips For Freelance Healthcare Workers

How to Create a Secure Healthcare Website?

How to keep your child safe from infections when you are not at home?

POPULAR Media

Ransomware Payouts Are On The Rise

Defense Against Socially Engineered Attacks

Address Ransomware With Multiple Layered Security

Hitrust – Streamlining the Compliance Process