They are sent encrypted. The URL will contain them in plain-text though, which is how they will appear in serverlogs. Jeroen T. Wenting [EMAIL PROTECTED] Murphy was wrong, things that can't go wrong will anyway > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Christophe > Hartwig > Sent: Wednesday, November 08, 2000 09:03 > To: Orion-Interest > Subject: RE: SSL > > > > If I have an ssl connection using > > https://myserver/myresource?username=mylogin&password=mypassword > > Are the parameters username and password encrypted or is this > > available in clear text? > > Encrypted, definitely: the socket is encrypted by SSL, so everything is. > > Bye > Christophe >