Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is a java request sent to a HTTPS url totally safe?

I am actually trying to send SMS using CDYNE and their API. To do that, I am using Java and HttpGet and HttpClient object (Httpcore and HttpClient libs). I am sending the request to an https URL, sending the parameters like https://www.example.com/SecureREST/SimpleSMSsend?PhoneNumber=ABC&Message=XYZ

Would it be a security issue that I am using a GET request and that all parameters are in the URL it self? What if the content of the Message parameter in the URL contains sensitive informations? Could someone sniff the network to get hold of the content or is is safe since the request is sent using HTTPS?

My believe is that only the www.example.com is visible during the handshake process and that once this is done, everything is encrypted but I just want to make sure.

like image 952
dukable Avatar asked Oct 23 '22 23:10

dukable


1 Answers

Wikipedia is pretty clear about this:

Note that when a client sends an HTTPS request, the hostname and port of the URL are unencrypted... However, all other parts of the HTTPS request, including the URL path and query parameters, can only be decrypted by the destination site or by an interposing intermediary that terminates the HTTPS connection on behalf of the site.

So your belief is right. Only the hostname and port are openly visible; the rest of the URL is encrypted.

like image 68
Dave Webb Avatar answered Oct 31 '22 12:10

Dave Webb