How secure is a HTTP GET when the data is URL Encoded?

Question

If the data is Url Encoded, is it secure enough to send login credentials over HTTP GET?

Answer 1

Not at all. URL encoded is easily reversible. You should encrypt the transport layer (i.e. use HTTPS)

Answer 2

No - URL encoding is meant to make sure all the characters you try to send with a GET request can actually arrive at the other end.

It is actually designed to be easily encoded and decoded to prepare data for transport, not for security.

Answer 3

URL encoding is not any kind of encryption, it just prepares the string to be sent through the network.

If your data is sensitive, GET should be completely out of question. Reasons for this?

1. The obvious one, everyone who takes a peek at the URL bar, will see the data
2. The data will be left in every proxy log that it passes trough
3. If the user leaves the site, the next site will have the URL recorded in it's logs/web statistics (REFERER).

Answer 4

URLEncoding is for encoding/transmission, not security.

Answer 5

Not at all secure.