query string security

Pig

I would like to make content available on a page that requires authentication, but they would be accessing this page from another website, or a desktop application. This means they could not use a sign-in form to authenticate. I am thinking of passing the user name and password through the query string when the page is called. The page would be accessed through SSL on a dedicated server.

My question is, is there a way for the query string data to be read by anyone else? Would I have to force the setup to use POST instead of GET to make it secure?

For my own information on future projects, would having this set up on a non-dedicated server without SSL make a difference?

TIA

mtmosier

Anything transmitted over ssl cannot be easedropped on. Not easily anyway. That includes get, post and cookie values. Non-ssl is the opposite, all values are sent via plain text.

A few of the security concerns with using get instead of post... If the client application is a web browser, the user might save a bookmark which includes the password, which other people might be able to use to gain access. Or someone looking over their sholder might see the password in the url. Or if your login page links offsite, the browser might send the complete url of your site, username and password included, to the next site in the referer line. Also the password might be saved to disk on your own server in the access logs.