Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]

security https http-get

Do querystring parameters get encrypted in HTTPS when sent with a request?


Solution 1:

Yes. The querystring is also encrypted with SSL. Nevertheless, as this article shows, it isn't a good idea to put sensitive information in the URL. For example:

URLs are stored in web server logs - typically the whole URL of each request is stored in a server log. This means that any sensitive data in the URL (e.g. a password) is being saved in clear text on the server

Solution 2:

remember, SSL/TLS operates at the Transport Layer, so all the crypto goo happens under the application-layer HTTP stuff.

http://en.wikipedia.org/wiki/File:IP_stack_connections.svg

that's the long way of saying, "Yes!"

Solution 3:

The entire transmission, including the query string, the whole URL, and even the type of request (GET, POST, etc.) is encrypted when using HTTPS.

Related

How can I grep for a string that begins with a dash/hyphen?
Numpy array dimensions
Using SSH keys inside docker container
Generating statistics from Git repository [closed]
HTTP redirect: 301 (permanent) vs. 302 (temporary)
New line in JavaScript alert box
Get line number while using grep
How to get current time in python and break up into year, month, day, hour, minute?
What are the differences between git remote prune, git prune, git fetch --prune, etc
What's the difference between VARCHAR and CHAR?
Find nearest value in numpy array
Passing arguments forward to another javascript function