[thelist] quick ssl question

Seb Barre sebastien at oven.com
Tue Nov 28 17:22:07 CST 2000


At 03:20 PM 11/28/2000 -0800, you wrote:
>At 02:02 PM 11/28/2000, you wrote:
>>Are URLs encrypted in an SSL session?
>>
>>Specifically, say I have a URL:
>>
>>https://www.myserver.com/orderentry.asp?secret=qwe344r5
>>
>>Is the querystring encrypted?
>
>Scott....
>
>I don't think so.

Hmm, actually I would think that it is.  It would be a pretty big flaw in 
https/SSL if the URL wasn't encrypted, since GET is a standard way to pass 
parameters to the server and from page to page.

Other people have already replied stating that it is, and while I don't 
know this for sure, common sense tells me that it is definitely encrypted, 
along with all other transmissions to/from the server (headers, cookies, etc).

I will try to dig up some reference materials regarding this and post URLs 
to the list.



--- -- -
Seb Barre - seb at oven.com
OVEN Digital Toronto
Work: 416-595-9750 x 222
Mobile: 416-254-5078
http://www.oven.com/





More information about the thelist mailing list