I have an asp.Net MVC application. I am trying to pass data (say username, subscription id, etc) as part of the URL. https://www.MyApp.com/Users/UserName - Here UserName is the end user's loginID. Note this is sent as part of the URL not in query string. This is sent over HTTPS. I know that query string data can be logged in server logs though it is sent as encrypted format during transit. But I want to know that whether this data (UserName in the URL) be encrypted during transit from client to server app. My understanding is NO. Like to have a trusted source to confirm. Thanks in advance.
Asked
Active
Viewed 507 times
1
-
Possible duplicate of [Are HTTPS URLs encrypted?](https://stackoverflow.com/questions/499591/are-https-urls-encrypted) – Mathieu VIALES Oct 15 '17 at 07:32
-
why not use viewbag – Rohit Kumar Oct 15 '17 at 10:27
-
What difference does it make? It is bad practice to send anything secure in the URL. The user could bookmark this "secure" URL or email it to another user and then another user could use it, so there is clearly no measure of security when using URL parameters. – NightOwl888 Oct 16 '17 at 05:46
-
I agree . it is not safe to pass sensitive info via url.. but like to understand how the data really transits - plain or encrypted. what is the trusting source of that.? – Satheesh K Oct 19 '17 at 06:30
1 Answers
0
As per this answer, yes it will be encrypted BUT regarding the first comment the URL will be stored in the browser with no encryption and that can become a security concern. Juste think of bookmarks and browser history and you'll see why it's a bad idea to send sensitive data in he URL.
Mathieu VIALES
- 4,526
- 3
- 31
- 48