1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 4:34 pm May 21, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Wrong security structure?

         

debugger

9:02 am on Sep 9, 2003 (gmt 0)



Hello,

I found out by chance that a commercial web site used a security system looking like

[MySite...]

I'm don't know much about SSL so I asked them if that was a secured method to pass some private data. They just told me that https encrypted it all!

I thought that SSL encrypted the page content only, not the URL, so is the web site right?

Thanks for your help

jpjones

9:38 am on Sep 9, 2003 (gmt 0)

10+ Year Member



https://MySite/MyPage?CreditCard=123456

SSL encrpyts the ON PAGE content only, not the called URL.

So taking the above as an example, it will show in any proxy logs between the browser and the destination web server, and it will also show up to anyone sniffing the traffic on the networks between the browser and the server.

This is NOT a secure way to transfer the credit card details! Instead, the information should be passed through a POST method within a form on the page.

JP

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 4:34 pm May 21, 2026