I am trying to leverage the API's of an online registration system called EventBrite. I am wondering specifically about the user_new method. The following is an example of a request URL for this method:
https://www.eventbrite.com/xml/[email protected]&passwd=xxxxx
Where [email protected] is the email and xxxxx is the password. This method would be called from an ASP.NET application, but I can't help but questions the security of this...I am just passing someone's email and password as text in a URL? Can someone help me understand the level of security given this information, and how to make this secure?
More information on the method: http://developer.eventbrite.com/doc/users/user_new/
I think you're right to be a little concerned, not because of interception as noted by Marc in the comments, but perhaps just because the server logs will have your URL (with password) logged in it. See discussion here Are querystring parameters secure in HTTPS (HTTP + SSL)?