Are querystring parameters secure in HTTPS HTTP SSL

Question

Do querystring parameters get encrypted in HTTPS when sent with a request

User · Answer

remember  SSL TLS operates at the Transport Layer  so all the crypto goo happens under the application-layer HTTP stuff    http   en wikipedia org wiki File IP stack connections svg  that s the long way of saying   Yes

User · Answer

I disagree with the advice given here - even the reference for the accepted answer concludes      You can of course use query string parameters with HTTPS  but don   t use them for anything    that could present a security problem  For example  you could safely use them to identity   part numbers or types of display like    accountview    or    printpage     but don   t use them for   passwords  credit card numbers or other pieces of information that should not be publicly   available    So  no they aren t really safe

User · Answer

Yes  The querystring is also encrypted with SSL  Nevertheless  as this article shows  it isn t a good idea to put sensitive information in the URL  For example      URLs are stored in web server logs -   typically the whole URL of each   request is stored in a server log    This means that any sensitive data in   the URL  e g  a password  is being   saved in clear text on the server

User · Answer

The entire transmission  including the query string  the whole URL  and even the type of request  GET  POST  etc   is encrypted when using HTTPS

[security] Are querystring parameters secure in HTTPS (HTTP + SSL)?

Examples related to security

Examples related to https

Examples related to http-get