will the SSL encrypts both the Query string and body of the post request in my asp.net mvc3 web application

Question

i have a question if using SSL will encrypt both the query string and the Post request body which contain the fields values ?

and if the answer is yes,,

Then does this mean that i can be 99% confidence than an attaker will not be able to modify both the query string & the post body request?

BR

Answer 1

Then does this mean that i can be 99% confidence than an attaker will not be able to modify both the query string & the post body request?

SSL only encrypts and hide the information from a third party. However the hackers own request he can do whatever he wants with them, even if they are sent encrypted. As I said SSL only protects against a third party, not anything else.

A golden rule in all web development is, NEVER trust input data, Encrypted or not.

even if the attacker is Authenticated using a username and password to my web site.

The hacker can send whatever he see fit to the server, his request will be encrypted and protected against a third party, but he can send just whatever he want and your code, if you do not folow the line of never trust input data, he might breach into your server yeah.

So yet again SSL ONLY protects against a third party ( and even that some times not )

Answer 2

If you're using SSL, then yes, you can be sure an attacker will not be able to modify the query string or post data. SSL authenticates the server to the client to prevent anyone successfully impersonating your server. It also encrypts each message sent back and forth using the server's private X.509 key, so that no intermediary can decipher them.