POST over HTTPS "secure enough" for sensitive data?

Instead of extra encryption, if you must be secure, use two-factor authentication. Make users enter a user name, a password, and a 6-digit random number sent by email or SMS. A compromised certificate means that the attacker can possibly control the entire SSL payload in both directions, including any code you send to the client to perform the encryption required to authenticate with the server.

Also consider separating your application server and your authentication server. This makes it a lot harder for an attacker to do anything useful with an acquired list of usernames and passwords if they are not actually accepted by the application server; this is the concept behind OAuth2. It is far easier to recover one server than it is to attack two servers (at least, in theory).
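The email/SMS code flow described in this answer, as an added example that is not part of the original post: the server issues a 6-digit code from a CSPRNG, keeps only a hash of it, and accepts it once, within a time limit and a bounded number of guesses. The 5-minute validity, the 5-attempt lock-out, the SHA-256 storage and the in-memory record are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300   # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 5         # assumption: lock the challenge after five wrong guesses


@dataclass
class Challenge:
    """Server-side record of one pending second-factor challenge."""
    user: str
    code_hash: bytes      # only the hash is stored, never the code itself
    expires_at: float
    attempts: int = 0
    used: bool = False


def _hash_code(user: str, code: str) -> bytes:
    # Bind the hash to the account so a code issued for one user
    # cannot be replayed against another user's challenge.
    return hashlib.sha256(f"{user}:{code}".encode()).digest()


def issue_code(user: str, now=None):
    """Create a fresh challenge. Returns (record to keep server-side,
    plaintext code to deliver to the user by email/SMS)."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # always six digits, leading zeros kept
    return Challenge(user, _hash_code(user, code), now + CODE_TTL_SECONDS), code


def verify_code(ch: Challenge, submitted: str, now=None) -> bool:
    """Single-use, time-limited, attempt-limited check; the hash comparison
    is constant-time so response timing leaks nothing about the code."""
    now = time.time() if now is None else now
    if ch.used or ch.attempts >= MAX_ATTEMPTS or now > ch.expires_at:
        return False
    ch.attempts += 1
    ok = hmac.compare_digest(ch.code_hash, _hash_code(ch.user, submitted))
    if ok:
        ch.used = True   # a code that has been accepted cannot be reused
    return ok
```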


I'm assuming when you say the "web app" sends a POST, what you really mean is that the HTML webpage in the user's browser makes a POST request to a third-party server.

The chance of an SSL/TLS compromise by an outside attacker (rogue CA/government) is probably pretty low. That leaves two possibilities.

#1. Your server was compromised through an unrelated attack, and the private key was stolen.

If someone is in your system and can access the private key, they likely can access your application/source and modify it to siphon off data (MITM). At that point no extra crypto will save you.

#2. The settings used to create/deploy SSL/TLS are bad. If you are using insecure algorithms/hashes or an old SSL version you may be vulnerable to SSL-specific attacks (http://en.wikipedia.org/wiki/Transport_Layer_Security#Security). Remember to use SSL 3/TLS, preferably TLS 1.2.