Closed arachno7 closed 2 years ago
Hm, It's my understanding that when using HTTPS only the domain name is presented in clear text, while the path and query parameters are encrypted.
As per https://https.cio.gov/faq/ "The URL path and query string parameters are encrypted, as are POST bodies."
Please correct me if I am wrong.
I've analyzed the network traffic using Wireshark to confirm this. The only information visible when using HTTPS is the domain name, which is to be expected and is unavoidable.
If you want to discuss this more, (or if I am completely off-base) feel free to reopen the issue.
Thank you for the issue, I really appreciate people looking into the code to try and improve it! :-)
Nice little lib. However, it's not best practice to transmit secure login credentials over http GET in the URL. Your username/password is exposed to anything listening to or logging URL traffic. Looks like a drop-in replacement to use the POST version of the same URL.
Example:
Cheers