Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]

by

Yes. The querystring is also encrypted with SSL. Nevertheless, as this article shows, it isn’t a good idea to put sensitive information in the URL. For example:

URLs are stored in web server logs –
typically the whole URL of each
request is stored in a server log.
This means that any sensitive data in
the URL (e.g. a password) is being
saved in clear text on the server

More Related Contents:

  1. How to redirect all HTTP requests to HTTPS
  2. Will web browsers cache content over https
  3. Are HTTPS headers encrypted?
  4. With HTTPS, are the URL and the request headers protected as the request body is?
  5. Username and password in https url
  6. If you use HTTPS will your URL params will be safe from sniffing? [duplicate]
  7. Should I hash the password before sending it to the server side?
  8. https URL with token parameter : how secure is it?
  9. Is it secure to submit from a HTTP form to HTTPS?
  10. SSL Error: unable to get local issuer certificate
  11. Is HTTP header Referer sent when going to a http page from a https page?
  12. curl – Is data encrypted when using the –insecure option?
  13. How to redirect all HTTP requests to HTTPS using .htaccess rules?
  14. WS on HTTP vs WSS on HTTPS
  15. Why not use HTTPS for everything?
  16. Fundamental difference between Hashing and Encryption algorithms
  17. What is the best way to implement “remember me” for a website? [closed]
  18. SHA512 vs. Blowfish and Bcrypt [closed]
  19. Encrypting/Hashing plain text passwords in database [closed]
  20. Disable firefox same origin policy
  21. SSL and man-in-the-middle misunderstanding
  22. Is it possible to reverse a SHA-1?
  23. SPA best practices for authentication and session management
  24. What algorithm should I use to hash passwords into my database? [duplicate]
  25. What is happening when I have two CSP (Content Security Policies) policies – header & meta?
  26. What is the difference between a cer, pvk, and pfx file?
  27. When the bots attack! [closed]
  28. What ‘sensitive information’ could be disclosed when setting JsonRequestBehavior to AllowGet
  29. Should I impose a maximum length on passwords?
  30. Should be used for JSF 2.2 CSRF protection?

Leave a Comment