Can one's post request data be sniffed?

Question

I apologize, I am new to this and assume that I will mix some terms up.

I am trying to setup Google clientLogin and I am worried about sending my private information

Answer 1

• HTTP requests go over the wire in plaintext - and thus can be sniffed easily.
• HTTPS are HTTP requests made through the Secure Socket Layer (SSL), which provides data encryption between the client and the server, identifies the server, and (optionally) identifies the client.

So, although it's possible to sniff the encrypted data, they can be considered secure while in transit - in other words, an attacker would not see the plaintext.

There are various attacks on HTTPS, but the most common are easily detectable, e.g. if you get a certificate error on a HTTPS site that used to work normally, this may be a sign of an attempted attack. For additional reading, see the questions tagged SSL on security.stackexchange.com

Long story short: POST over HTTPS is much more secure than over HTTP. (You still need to handle the data carefully on client- and server-side, HTTPS is a transport protection)

See also: https://security.stackexchange.com/questions/5/does-an-established-ssl-connection-mean-a-line-is-really-secure