Do querystring parameters get encrypted in HTTPS while send over the link?
+5
A:
Yes. The querystring is also encrypted with SSL. As this article shows, it isn't a good idea to put sensitive information in the URL. For example:
URLs are stored in web server logs - typically the whole URL of each request is stored in a server log. This means that any sensitive data in the URL (e.g. a password) is being saved in clear text on the server
Joe R
2010-04-13 11:52:20
+3
A:
The entire transmission, including the query string, the whole URL, and even the type of request (GET, POST, etc.) is encrypted when using HTTPS.
Marcelo Cantos
2010-04-13 11:54:57
+1
A:
remember, SSL/TLS operates at the Transport Layer, so all the crypto goo happens under the application-layer HTTP stuff.
http://en.wikipedia.org/wiki/File:IP_stack_connections.svg
that's the long way of saying, "Yes!"
Michael Howard-MSFT
2010-04-14 01:17:27