How secure is sending sensitive data over https?

Question

Is SSL secure enough for using sensitive data (like password) in query string? Is there any extra options to implement?

Answer 1

Sensitive data in the query string is a bad idea, casual passers by can see the query string and there'd be a temptation to bookmark which is really not secure.

SSL is pretty secure, if you do internet banking and you trust it then SSL will be good enough for you too.

Answer 2

Yes it is secure enough. While I agree its not usually a good idea anyways to have stuff such as that in a query string, its ok if its not a query string that will show in the address bar. If it shows in the address bar you for obvious reasons lose a level of security (people walking by, etc)

Answer 3

ssl inspector can open ssl traffics http://www.ssl-inspector.com/files/file/SSL%20Inspector%20Appliance%20Product%20Brief%20(2-11).pdf

Answer 4

Self-signed certificates are SSL certificates that are created and signed by yourself. This means that you do not require a third party certificate authority (CA) to sign your certificate, but it means that browsers will, by default, throw a warning about it, since a self-signed certificate cannot reliably (your browser has a list of trusted CAs) verify that the signer of the certificate is exactly what the certificate says.

Consider the situation where you create a SSL certificate "on behalf of" a certain Redmond-based software company. Now, if your HTTP server presents that certificate, which you have self-signed, to a client, the user agent will warn that this certificate may not actually be whose it says it is. A certificate authority will verify - by paperwork, the real, actual dead-tree kind - the identity of the party requesting signing, hence it's trustable.

Hope this helps.