Querystring values passed to https page secure?

Posted on 2007-10-05
Last Modified: 2008-01-09
Hi Guys,

Suppose this is an easy one if you know it. We connect to a service provider using a VBS script like this:


Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
objXMLHTTP.Open "GET", xml_url, false

My question is - does it matter if the URL we connect to is http or https? I realise it would make a difference if we were posting the username and password through a form, but we're not. It's in the querystring:

xml_url = ""

Our service provider tell us that the https:// version would encrypt the password but this is surely incorrect because it is only secure once it hits their secure server.

I thought that the password would still be sent in plain text between the VBS and the service provider - is this correct?

Question by:Ellmb122
    LVL 6

    Expert Comment

    Well, if you use https, it would set up an SSL connection and thereby create a secure tunnel in which the data you transfer will be encrypted. Since this secure tunnel must be created BEFORE you can begin interacting with an https page, any information after this initial handshake/configuration should be encrypted (ie your initial request querystrings as well). I would agree with the service provider on this.
    LVL 6

    Accepted Solution

    Here is someone else that provided some information on this along with several links to MSDN:

    Just in case you don't believe me and want to read up more.

    Author Comment


    Thanks, I searched around alot before after asking the question but shortly after I found this which also agrees with you.

    Thanks for the quick response.


    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
    SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now