Home/ Questions/Q 6229273
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T09:32:19+00:00

Are there any security implications to making an HTTPS/SSL GET operation with sensitive data

  • 0

Are there any security implications to making an HTTPS/SSL GET operation with sensitive data in the URL? Would this be logged in cleartext in the IIS logs? Could network traffic requests be sniffed on an open WiFi access point?

i.e. https://www.websiteurl.com/get.aspx?user=user&password=password

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Question is better answered here: Are https URLs encrypted?

    1. The URL is encrypted.
    2. However, the clear text may very well show up in the logs of the destination server as servers will unencrypt it and, depending on settings, store the values in the logs.
    3. The only part that would be sniffable is the dns portion. In this case http://www.websiteurl.com

    That said you are better off not using get requests with the username/pw on the querystring anyway.

    edit
    I wanted to add a bit more to this.

    1. The full unencrypted URL of a GET request is available in the browser history. If something is able to sniff the browser history then it would have complete access to whatever was in the query string.
    2. HTTP Referrer issues. The URL can be submitted to a third site if the user clicks a link that directs them to the other site.

    Between #2 and #4, using the query string for sensitive data is unwise.

    • 0