Are querystring parameters secure in HTTPS (HTTP + SSL)?
SecurityHttpsHttp GetSecurity Problem Overview
Do querystring parameters get encrypted in HTTPS when sent with a request?
Security Solutions
Solution 1 - Security
Yes. The querystring is also encrypted with SSL. Nevertheless, as this article shows, it isn't a good idea to put sensitive information in the URL. For example:
> URLs are stored in web server logs - > typically the whole URL of each > request is stored in a server log. > This means that any sensitive data in > the URL (e.g. a password) is being > saved in clear text on the server
Solution 2 - Security
remember, SSL/TLS operates at the Transport Layer, so all the crypto goo happens under the application-layer HTTP stuff.
http://en.wikipedia.org/wiki/File:IP_stack_connections.svg
that's the long way of saying, "Yes!"
Solution 3 - Security
The entire transmission, including the query string, the whole URL, and even the type of request (GET, POST, etc.) is encrypted when using HTTPS.
Solution 4 - Security
I disagree with the advice given here - even the reference for the accepted answer concludes:
> You can of course use query string parameters with HTTPS, but don’t use them for anything > that could present a security problem. For example, you could safely use them to identity > part numbers or types of display like ‘accountview’ or ‘printpage’, but don’t use them for > passwords, credit card numbers or other pieces of information that should not be publicly > available.
So, no they aren't really safe...!