How Secure Are Query Strings Over HTTPS?

February 02th, 2009 - 4:10PM

A common question we hear is “Can parameters be safely passed in URLs to secure web sites? ” The question often arises after a customer has looked at an HTTPS request in HttpWatch and wondered who else can see this data. For example, let’s pretend to pass a password in a query string parameter using the following secure URL: https://www.httpwatch.com/?password=mypassword HttpWatch is able to show the contents of a secure request because it is integrated with the browser and can view the data before it is encrypted by the SSL connection used for HTTPS requests: If you look in a … Continue reading →