Suppose this is an easy one if you know it. We connect to a service provider using a VBS script like this:
xml_url = <<THEIR CONNECTION URL INCLUDING OUR ACCOUNT USERNAME AND PASSWORD>>
Set objXMLHTTP = CreateObject("MSXML2.Serve
objXMLHTTP.Open "GET", xml_url, false
My question is - does it matter if the URL we connect to is http or https? I realise it would make a difference if we were posting the username and password through a form, but we're not. It's in the querystring:
xml_url = "http://serviceprovider.com/theirpage.asp?command=TESTCOMMAND&uid=username&pw=password
Our service provider tell us that the https://
version would encrypt the password but this is surely incorrect because it is only secure once it hits their secure server.
I thought that the password would still be sent in plain text between the VBS and the service provider - is this correct?