
Ask HN: How secure is plain text input on HTTPS web page? - docbrown
Before I start, let me say that I have amateur knowledge of HTTPS and other similar protocols so this question may be simple to answer. But, as a layperson, it seems problematic.<p>--<p>Recently I was helping someone file their taxes online--nothing complicated so free software suffices--but before we could begin, they had to reset their password. Since it was related to taxes, all accounts were based around SSN and email. Again, this seems fine as it&#x27;s a legitimate 501(c)(4)org and is reputable. However, the users input for their SSN was in plaintext with absolutely no delay in disguising it.<p>I understand this may be more user friendly as it could eliminate user error (i.e. typos in SSN) but does this then imply SSNs are being transferred in plaintext throughout their entire system? Is this type of plaintext input common industry practice? Bringing it down to the most basic level, is this type of input truly secure while being transferred over HTTPS?
======
nabaraz
That's how the internet works. All fields in forms are always sent in plain
text, so its up to HTTPS to secure it (as long as it is sent via POST request,
not GET).

------
Nextgrid
HTTPS will make sure the data is secure while in transit to the server. What
the server does with that data once it arrives is independent of HTTPS.

