[thelist] https question

Kim Maboy baianomovel at yahoo.com
Fri Jan 10 14:07:01 CST 2003


So the big questions is:

Does a form submitted from a non-secure page to a
secure page

a) submit the data first then secure a channel to
display the results page?

b) secure a channel and then submit data?

This could go both ways & I can't seem to find any
hard data on this. Anyone else?



At 09:46 AM 1/10/2003, Aleem Bawany wrote:
> > The login form is not on a secure page but if make
the
> > form action go to a secure page like: <form
> > action=https://www.domain.com/form.cgi > does the
form submit the
> > information securely?
>
>no, all data will be sent in clear text. You must use
>https on the page where the secure transfer is to
>originate (the login page).

I disagree here.

While it's not proper form to submit from unsecure to
secure, the browser and server need to setup the
secure channel each time prior to sending the data. It
setup and tear down each time, irregardless of the
referring page.
---
Anthony Baratta
President
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."

--
* * Please support the community that supports you.  *
* http://evolt.org/help_support_evolt/

For unsubscribe and other options, including the Tip
Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !



__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com



More information about the thelist mailing list