• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

query string in HTTPS get request

 
Ranch Hand
Posts: 105
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Someone please tell me if query string parameters are encrypted if GET request is made using HTTPS.

Thanks
 
Ranch Hand
Posts: 518
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, the query string portion of an HTTPS GET request will be encrypted when it travels through the network.

But if the information is sensitive enough to be transmitted via SSL, it should be sent via a POST and not a GET. URLs can be stored in many unsecure ways (written to log files, bookmarked, posted to forums, etc.) so appending sensitive data to them is not wise.
 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
although it is encrypted anybody can view the data that is being sent once u click submit button. But I have seen no changes if you replace GET by POST. The POST parameters are also shown as query string
 
reply
    Bookmark Topic Watch Topic
  • New Topic