Querystring values passed to https page secure?

Hi Guys,

Suppose this is an easy one if you know it. We connect to a service provider using a VBS script like this:

xml_url = <<THEIR CONNECTION URL INCLUDING OUR ACCOUNT USERNAME AND PASSWORD>>

Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
objXMLHTTP.Open "GET", xml_url, false
objXMLHTTP.Send

My question is - does it matter if the URL we connect to is http or https? I realise it would make a difference if we were posting the username and password through a form, but we're not. It's in the querystring:

xml_url = "http://serviceprovider.com/theirpage.asp?command=TESTCOMMAND&uid=username&pw=password"

Our service provider tell us that the https:// version would encrypt the password but this is surely incorrect because it is only secure once it hits their secure server.

I thought that the password would still be sent in plain text between the VBS and the service provider - is this correct?

Thanks,
Ellmb.
Ellmb122Asked:
Who is Participating?
 
dworltonCommented:
Here is someone else that provided some information on this along with several links to MSDN: http://blog.searyblog.com/blog/_archives/2006/3/31/1852124.html

Just in case you don't believe me and want to read up more.
0
 
dworltonCommented:
Well, if you use https, it would set up an SSL connection and thereby create a secure tunnel in which the data you transfer will be encrypted. Since this secure tunnel must be created BEFORE you can begin interacting with an https page, any information after this initial handshake/configuration should be encrypted (ie your initial request querystrings as well). I would agree with the service provider on this.
0
 
Ellmb122Author Commented:
Hi,

Thanks, I searched around alot before after asking the question but shortly after I found this which also agrees with you.

http://answers.google.com/answers/threadview?id=758002

Thanks for the quick response.

Ellmb.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.