This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes Security and the fly likes Is using HTTPS that simple? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Engineering » Security
Bookmark "Is using HTTPS that simple?" Watch "Is using HTTPS that simple?" New topic
Author

Is using HTTPS that simple?

J. Frederik
Greenhorn

Joined: Mar 06, 2013
Posts: 16
Will the data (like parameter "name") from this connection be encrypted and safe just by using "https" as scheme or is there something else I have to do, to make sure only the recipient can read the data?
And I do not mean advanced stuff, I just want to know if I use https the way it is supposed to be used.

Thanks a lot!

Jayesh A Lalwani
Bartender

Joined: Jan 17, 2008
Posts: 2383
    
  28

Yes, the entire URL is encrypted, so even the GET parameters will be encrypted between the client and the Server

However, and this is a big however, most HTTP servers log the URL after it has been decrypted. If you are sending a parameter in the GET request, the parameter is part of the URL. So, the parameter will also be logged. This might create a security issue for you because anyone who has access to the HTTP logs might see sensitive information.
J. Frederik
Greenhorn

Joined: Mar 06, 2013
Posts: 16
Thank you very much for your friendly and helpful reply!
 
GeeCON Prague 2014
 
subject: Is using HTTPS that simple?