[thelist] More on SSL querystring encryption

Scott Dexter sgd at ti3.com
Thu Nov 30 18:48:18 CST 2000


> > IIRC, jumping to a bookmark or a url in the drop-down list (the location
> > bar) doesn't send a referrer (cause, ah, you weren't referred?)
> > 
> > I'll double check that, too
> 
> well, that's the way it's supposed to work - but Netscape (3,4) doesn't work
> like that. (Why do you look surprised?)

Because the tests I just made confirmed what I thought and remember. I've
not tested IE, but below are the log entries made on the destination site by
NN 4.72 and NN 3.04 running on NT4sp6. The URL used for all of the SSL tests
was https://www.cnahp-healthbenefits.com/test.asp?ssn=12324535, the non-SSL
URLs varied. The destination web server is IIS5, default.htm and index.htm
are in the same site/directory and logged to the same file.

Ron, I think the data below should answer your question well enough. Let me
know if there's something I missed....

NT4 sp6, NN 4.72
Selecting a URL from the location bar:
2000-12-01 00:37:35 204.62.2.80 - 204.62.2.241 GET /Default.htm - 304 0 216
Mozilla/4.72+[en]+(WinNT;+I) - -

Selecting URL from location bar WHILE at an SSL-encrypted site:
2000-12-01 00:13:23 204.62.2.80 - 204.62.2.241 GET /default.htm - 200 0
82088 Mozilla/4.72+[en]+(WinNT;+I) - -

Selecting a URL from bookmark while at non-SSL page:
2000-12-01 00:40:00 204.62.2.80 - 204.62.2.241 GET /index.htm - 304 0 164
Mozilla/4.72+[en]+(WinNT;+I) - [unknown+origin]

Selecting bookmark from SSL page
2000-12-01 00:27:26 204.62.2.80 - 204.62.2.241 GET /index.htm - 304 0 164
Mozilla/4.72+[en]+(WinNT;+I) - [unknown+origin]

Clicking a non-SSL URL from an SSL-encrypted page, referer is recorded with
query string:
2000-12-01 00:23:22 204.62.2.80 - 204.62.2.241 GET /Default.htm - 304 0 216
Mozilla/4.72+[en]+(WinNT;+I) -
https://www.cnahp-healthbenefits.com/test.asp?ssn=12324535


NN3.04
Selecting URL from location bar WHILE at an SSL-encrypted site:
2000-12-01 00:33:15 204.62.2.80 - 204.62.2.241 GET /index.htm - 304 0 164
Mozilla/3.04+(WinNT;+I) - -

From bookmark while at SSL site:
2000-12-01 00:32:03 204.62.2.80 - 204.62.2.241 GET /Default.htm - 304 0 216
Mozilla/3.04+(WinNT;+I) - -

Selecting URL from location bar while NOT at an SSL site:
2000-12-01 00:41:43 204.62.2.80 - 204.62.2.241 GET /index.htm - 304 0 164
Mozilla/3.04+(WinNT;+I) - -

From bookmark while at non-SSL URL:
2000-12-01 00:42:24 204.62.2.80 - 204.62.2.241 GET /index.htm - 304 0 164
Mozilla/3.04+(WinNT;+I) - -

Clicking a non-SSL URL from an SSL-encrypted page, referer is recorded with
query string:
2000-12-01 00:34:36 204.62.2.80 - 204.62.2.241 GET /Default.htm - 304 0 216
Mozilla/3.04+(WinNT;+I) -
https://www.cnahp-healthbenefits.com/test.asp?ssn=12324535


sgd
--
work: http://www.ti3.com/
non: http://thinksafely.org/
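
An added example, not part of the original post: a check that scans web server log entries for the leak shown in the last test for each browser, where the referer field holds an https URL together with its query string. The sample lines are constructed in the same layout as the entries in the post, and treating the last whitespace-separated field as the referer is an assumption based on that layout.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample entries (documentation IPs and example.com hosts), laid
# out like the log lines in the post. Assumption: referer is the last field.
SAMPLE_LOG = """\
2000-12-01 00:13:23 192.0.2.80 - 192.0.2.241 GET /default.htm - 200 0 82088 Mozilla/4.72+[en]+(WinNT;+I) - -
2000-12-01 00:40:00 192.0.2.80 - 192.0.2.241 GET /index.htm - 304 0 164 Mozilla/4.72+[en]+(WinNT;+I) - [unknown+origin]
2000-12-01 00:23:22 192.0.2.80 - 192.0.2.241 GET /Default.htm - 304 0 216 Mozilla/4.72+[en]+(WinNT;+I) - https://secure.example.com/test.asp?ssn=000000000
2000-12-01 00:50:10 192.0.2.80 - 192.0.2.241 GET /Default.htm - 304 0 216 Mozilla/3.04+(WinNT;+I) - http://www.example.com/links.htm
"""


def leaked_query_referers(log_text):
    """Find entries whose referer is an https URL that carries a query string.

    Returns a list of (timestamp, referer host, parameter names). Parameter
    values are left out so the report does not repeat the leaked data.
    """
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        # Skip blank lines, short lines and '#' header/directive lines.
        if len(fields) < 3 or line.startswith("#"):
            continue
        referer = fields[-1]
        try:
            parts = urlsplit(referer)
        except ValueError:
            continue  # not a parseable URL, e.g. a malformed referer value
        # "-" (no referer) and "[unknown+origin]" have no scheme and are skipped.
        if parts.scheme != "https" or not parts.query:
            continue
        names = [name for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
        findings.append((f"{fields[0]} {fields[1]}", parts.hostname, names))
    return findings


if __name__ == "__main__":
    for when, host, names in leaked_query_referers(SAMPLE_LOG):
        print(f"{when}  referer from https://{host} exposes parameters: {', '.join(names)}")
```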




