How secure is sending sensitive data over https?

Question

Is SSL secure enough for using sensitive data (like password) in query string? Is there any extra options to implement?

Answer 1

There is no "secure enough", security is not a static thing with a bool property that is either false or true.

SSL is good, but it depends on how secure is the private key on the server side, how much bits the key has, the algorithm used, how trustworthy the used certificates are, etc ....

But if you use SSL at least all your data transmitted is encrypted (except the target IP because it is used to route your package).

Another point you should consider is - if you enter your password query string by hand in your browser it might end up in your local browser cache (in an completely unencrypted local file). So better use POST and not GET transfer mechanics.

If you are really interested in security i recommend more research about that topic, because most often not the algorithm is the weakest point in security.

Answer 2

SSL provides secure, transport-level security. Nobody between client and server should be able to read the information.

But you should change your mind about writing sensitive data in the querystring. It will show up in the browser's history and is visible in the address bar of the browser and in logs on the server. See this article: How Secure Are Query Strings Over HTTPS?

If using query strings is your only option (I doubt it), here is an interesting article about securing query strings.

Answer 3

SSL is secure, but remember that any encryption can be broken if given enough time and resources. Given that you don't know which packets contain a password and which don't, you'd have to decrypt all encrypted traffic to find the right one. This is intractable in the general case.

However, a login form will need a input[type=text] to enter it. It would take work to "unpack" this and turn the request in to a HTTP GET request using query strings rather than a POST with the data in form parameters. I can't imagine why anyone would do this. Once the password has been supplied by the user (and the user authenticated), use the fact of authentication rather than keeping the password around. If you need to keep the password, for impersonation, say, keep it server side and preferably in a secure string. If you are trying do do single-sign on (enter my id/password once for many sites), then use some sort of central authentication service (CAS) - OpenID, WindowsLive - or implement your own.

The fewer times a password crosses the wire, the better.

And, there is always the browser location bar to consider which would argue that you need to encrypt and encode any sensitive data you put in query strings as mentioned previously.

Answer 4

you should never send anything critically sensitive using query strings!

Answer 5

agree with the SSL is secure *ish and the querystring issue

remember that there are limitations on SSL -

ensure that the cert is root certified.

some windows 2000 machines need to have an sp applied for the 128 bit ssl to work, if its not there then it goes to 40bit or doenst load (if i remember right)

Some software firewalls like ISA - where you publish the secure site and cert inside it - act like a man in the middle.

Secure to ISA then Secure to LAN. but the big facter here is the "then" as ISA will Log then logging is an issue as the password on the query string and post can be seen - which means anyone (admin) can see...

So look for secure hashing algorithims in your language to simply hash the password.

Answer 6

Shouldn't one send hashed passwords ? - nevermind if I'm wrong.

SSL is pretty much the most security you can get.