• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 334
  • Last Modified:

Is sending username + password in a https secure?

I understand (on a simple level) the key exchange etc that happens in SSL handshake but what I need to know is that if I called in a GET e.g. https://www.mybank.com?username=fred&password=abcd1234
Would the username and password actually be encrpted and 'safe' en route or would they be visible on the way as they get sent before the handshake.  Or does the browser make the connection and handshake first to the www.mybank.com url then make another call with the complete URL?

Thanks
0
astromex
Asked:
astromex
1 Solution
 
jessc7Commented:
The GET parameters would be encrypted after the handshake, but you should be aware of other security concerns. Here is a great article:

http://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now