Is SSL secure enough for using sensitive data (like password) in query string? Is there any extra options to implement?
Is SSL secure enough for using sensitive data (like password) in query string? Is
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is SSL secure enough for using sensitive data (like password) in query string? Is there any extra options to implement?
SSL provides secure, transport-level security. Nobody between client and server should be able to read the information.
But you should change your mind about writing sensitive data in the querystring. It will show up in the browser’s history and is visible in the address bar of the browser and in logs on the server. See this article: How Secure Are Query Strings Over HTTPS?
If using query strings is your only option (I doubt it), here is an interesting article about securing query strings.