Suppose i have a login page i.e username and password and the website only uses the GET method to transfer the credentials. But thanks for SSL/TLS certificate to make the communication secure. But In this situation to submit password "Is it really secure using GET with HTTPS?"
Asked
Active
Viewed 850 times
1
-
Emm, when I ask any question its duplicate. :( – januu agrawal Oct 17 '17 at 07:04
1 Answers
1
The entire query string will be encrypted using SSL, but keep in mind that the URL will still be logged in any traffic analyzer on the server.
POST will always be more secured.
Benoit Gambier
- 98
- 7
-
Hello! thanx for answering the question. You mean that the get password will also see cleared in the referrer header, agree! but **what if the website has no Open redirection vulnerability?** Then is it good? – januu agrawal Oct 17 '17 at 07:35
-