Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 992
  • Last Modified:

Querystring values passed to https page secure?

Hi Guys,

Suppose this is an easy one if you know it. We connect to a service provider using a VBS script like this:

xml_url = <<THEIR CONNECTION URL INCLUDING OUR ACCOUNT USERNAME AND PASSWORD>>

Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
objXMLHTTP.Open "GET", xml_url, false
objXMLHTTP.Send

My question is - does it matter if the URL we connect to is http or https? I realise it would make a difference if we were posting the username and password through a form, but we're not. It's in the querystring:

xml_url = "http://serviceprovider.com/theirpage.asp?command=TESTCOMMAND&uid=username&pw=password"

Our service provider tell us that the https:// version would encrypt the password but this is surely incorrect because it is only secure once it hits their secure server.

I thought that the password would still be sent in plain text between the VBS and the service provider - is this correct?

Thanks,
Ellmb.
0
Ellmb122
Asked:
Ellmb122
  • 2
1 Solution
 
dworltonCommented:
Well, if you use https, it would set up an SSL connection and thereby create a secure tunnel in which the data you transfer will be encrypted. Since this secure tunnel must be created BEFORE you can begin interacting with an https page, any information after this initial handshake/configuration should be encrypted (ie your initial request querystrings as well). I would agree with the service provider on this.
0
 
dworltonCommented:
Here is someone else that provided some information on this along with several links to MSDN: http://blog.searyblog.com/blog/_archives/2006/3/31/1852124.html

Just in case you don't believe me and want to read up more.
0
 
Ellmb122Author Commented:
Hi,

Thanks, I searched around alot before after asking the question but shortly after I found this which also agrees with you.

http://answers.google.com/answers/threadview?id=758002

Thanks for the quick response.

Ellmb.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now