Are URLs encrypted in an SSL session? Specifically, say I have a URL: https://www.myserver.com/orderentry.asp?secret=qwe344r5 Is the querystring encrypted? I know it's a rudimentary one, but I'm blanking, though my instincts want to tell me it is (an SSL session is above the traffic going back and forth) quick yea/nay will do =) sgd -- work: http://www.ti3.com/ non: http://thinksafely.org/