Querystring values passed to https page secure?

Last Modified: 2008-01-09
Hi Guys,

Suppose this is an easy one if you know it. We connect to a service provider using a VBS script like this:

xml_url = <<THEIR CONNECTION URL INCLUDING OUR ACCOUNT USERNAME AND PASSWORD>>

Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
objXMLHTTP.Open "GET", xml_url, false
objXMLHTTP.Send

My question is - does it matter if the URL we connect to is http or https? I realise it would make a difference if we were posting the username and password through a form, but we're not. It's in the querystring:

xml_url = "http://serviceprovider.com/theirpage.asp?command=TESTCOMMAND&uid=username&pw=password"

Our service provider tell us that the https:// version would encrypt the password but this is surely incorrect because it is only secure once it hits their secure server.

I thought that the password would still be sent in plain text between the VBS and the service provider - is this correct?

Thanks,
Ellmb.

Commented:
Well, if you use https, it would set up an SSL connection and thereby create a secure tunnel in which the data you transfer will be encrypted. Since this secure tunnel must be created BEFORE you can begin interacting with an https page, any information after this initial handshake/configuration should be encrypted (i.e. your initial request querystrings as well). I would agree with the service provider on this.

Author

Commented:
Hi,

Thanks, I searched around a lot before after asking the question but shortly after I found this which also agrees with you.

http://answers.google.com/answers/threadview?id=758002

Thanks for the quick response.

Ellmb.
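
The ordering described in the first answer (tunnel first, request second) can be checked without a network. This is an added example, not part of the original thread, written in Python rather than VBScript so the bytes can be inspected; it uses the URL shape from the question with its placeholder credentials and an in-memory buffer in place of the wire.

```python
import ssl

# Constructed sample: URL shape from the question, placeholder credentials.
HOST = "serviceprovider.com"
PATH_QS = "/theirpage.asp?command=TESTCOMMAND&uid=username&pw=password"
REQUEST = f"GET {PATH_QS} HTTP/1.1\r\nHost: {HOST}\r\n\r\n".encode()


def first_bytes_http() -> bytes:
    """Plain http: the request itself is the first thing put on the wire."""
    return REQUEST


def first_bytes_https() -> bytes:
    """https: what a TLS client emits when asked to send REQUEST before the
    server has answered. The 'wire' is an in-memory BIO, no socket is opened."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=HOST)
    try:
        tls.write(REQUEST)  # the TLS layer must start the handshake first
    except ssl.SSLWantReadError:
        pass  # client is now waiting for the server's handshake reply
    return outgoing.read()  # only the ClientHello has been produced


def visible_to_observer(wire: bytes) -> dict:
    """Which parts of the request can be read directly from the bytes."""
    return {
        "hostname": HOST.encode() in wire,
        "query_string": b"command=TESTCOMMAND" in wire,
        "password": b"pw=password" in wire,
    }


if __name__ == "__main__":
    print("http :", visible_to_observer(first_bytes_http()))
    print("https:", visible_to_observer(first_bytes_https()))
```

Encryption in transit does not stop the full URL, password included, from being recorded at either end, for example in the provider's web server access log.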