Click here to Skip to main content
14,548,592 members
Rate this:
Please Sign up or sign in to vote.
See more:
I have a quick question that I hope someone on here would know about.

My work email uses Oracle Server. One of our servers is currently down and I noticed that because the login request did not go through that the login information is actually passed through the address...as in:

mail.something.com/login.msc?user=something&password=myPassword

This is an https site, but does that mean that the address is passed through the internet in an encrypted form? Or could anyone that intercepts that http request see the login and password information?
Posted

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1

The data contained in the URL query on an HTTPS connection is encrypted. I find the a good explaination given by 'sycophant-ga' here[^].

Further, there is a slight difference in kind of request it is... GET or POST. This[^] blog article explains on it, have a look.

So a POST with HTTPS should be a good option.
   
v2
Comments
William Winner 25-Sep-10 11:37am
   
Thanks Sandeep
William Winner 25-Sep-10 11:38am
   
Reason for my vote of 5
Automatic vote of 5 for accepting answer.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100