<div>
<div class="content wysiwyg-content">
I understand (on a simple level) the key exchange etc that happens in SSL handshake but what I need to know is that if I called in a GET e.g. <a href="https://www.mybank.com?username=fred&password=abcd1234" rel="ugc">https://www.mybank.com?username=fred&password=abcd1234</a><br />
Would the username and password actually be encrpted and 'safe' en route or would they be visible on the way as they get sent before the handshake. &nbsp;Or does the browser make the connection and handshake first to the <a href="http://www.mybank.com" rel="ugc">www.mybank.com</a>&nbsp;url then make another call with the complete URL?<br />
<br />
Thanks<br />

</div>
</div>


I understand (on a simple level) the key exchange etc that happens in SSL handshake but what I need to know is that if I called in a GET e.g. https://www.mybank.com?username=fred&password=abcd1234
Would the username and password actually be encrpted and 'safe' en route or would they be visible on the way as they get sent before the handshake.  Or does the browser make the connection and handshake first to the www.mybank.com url then make another call with the complete URL?

Thanks


Is sending username + password in a https secure?

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.