astromex
asked on
Is sending username + password in a https secure?
I understand (on a simple level) the key exchange etc that happens in SSL handshake but what I need to know is that if I called in a GET e.g. https://www.mybank.com?username=fred&password=abcd1234
Would the username and password actually be encrpted and 'safe' en route or would they be visible on the way as they get sent before the handshake. Or does the browser make the connection and handshake first to the www.mybank.com url then make another call with the complete URL?
Thanks
Would the username and password actually be encrpted and 'safe' en route or would they be visible on the way as they get sent before the handshake. Or does the browser make the connection and handshake first to the www.mybank.com url then make another call with the complete URL?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.