[thelist] quick ssl question
Seb Barre
sebastien at oven.com
Tue Nov 28 17:22:07 CST 2000
At 03:20 PM 11/28/2000 -0800, you wrote:
>At 02:02 PM 11/28/2000, you wrote:
>>Are URLs encrypted in an SSL session?
>>
>>Specifically, say I have a URL:
>>
>>https://www.myserver.com/orderentry.asp?secret=qwe344r5
>>
>>Is the querystring encrypted?
>
>Scott....
>
>I don't think so.
Hmm, actually I would think that it is. It would be a pretty big flaw in
https/SSL if the URL wasn't encrypted, since GET is a standard way to pass
parameters to the server and from page to page.
Other people have already replied stating that it is, and while I don't
know this for sure, common sense tells me that it is definitely encrypted,
along with all other transmissions to/from the server (headers, cookies, etc).
I will try to dig up some reference materials regarding this and post URLs
to the list.
--- -- -
Seb Barre - seb at oven.com
OVEN Digital Toronto
Work: 416-595-9750 x 222
Mobile: 416-254-5078
http://www.oven.com/
More information about the thelist
mailing list