How secure is sending sensitive data over https


Is SSL secure enough for using sensitive data (like password) in query string?
Is there any extra options to implement?

Best Solution

SSL provides secure, transport-level security. Nobody between client and server should be able to read the information.

But you should change your mind about writing sensitive data in the querystring. It will show up in the browser's history and is visible in the address bar of the browser and in logs on the server. See this article: How Secure Are Query Strings Over HTTPS?

If using query strings is your only option (I doubt it), here is an interesting article about securing query strings.