I want to encrypt the query string values used in my MVC3 application. If i implement SSL certificate, whether all the parameters passed with url in encrypted form or not. The application is already completed, now its running appscan testing, so its very tough to encrypt and decrypt manually the query string.
Asked
Active
Viewed 561 times
1 Answers
1
As per answer given in this post
Yes, it is. But using GET for sensitive data is a bad idea for several reasons:
Mostly HTTP referrer leakage (an external image in the target page might leak the password1) Password will be stored in server logs (which is obviously bad) History caches in browsers Therefore, even though Querystring is secured it's not recommended to transfer sensitive data over querystring.
Community
- 1
- 1
Nilesh Gajare
- 6,302
- 3
- 42
- 73
-
Thanks Nilesh, Currently I implemented self signed SSL . Can we able to encrypt the query strings by using self signed, or its required authorized certificate. – user3117786 Apr 11 '14 at 06:02
-
we cant encrypt using SSL but The entire text of an HTTPS session is secured by SSL. That includes the query and the headers. – Nilesh Gajare Apr 11 '14 at 06:11