How secure is sending sensitive data over https?

Question

Is SSL secure enough for using sensitive data (like password) in query string? Is there any extra options to implement?

Answer 1

There is no "secure enough", security is not a static thing with a bool property that is either false or true.

SSL is good, but it depends on how secure is the private key on the server side, how much bits the key has, the algorithm used, how trustworthy the used certificates are, etc ....

But if you use SSL at least all your data transmitted is encrypted (except the target IP because it is used to route your package).

Another point you should consider is - if you enter your password query string by hand in your browser it might end up in your local browser cache (in an completely unencrypted local file). So better use POST and not GET transfer mechanics.

If you are really interested in security i recommend more research about that topic, because most often not the algorithm is the weakest point in security.