[thelist] https question
Aleem Bawany
aleem.bawany at utoronto.ca
Fri Jan 10 15:10:01 CST 2003
> While it's not proper form to submit from unsecure to
> secure, the browser and server need to setup the secure
> channel each time prior to sending the data. It setup and
> tear down each time, irregardless of the referring page.
So if there is a secure page on the recieving end, but the
page POSTing is unsecure, it will encrypt the data
before sending? I am not sure how that would work but a
regular post request looks like this:
POST /results.pl HTTP/1.0 # initiate a post request
Content-Length: 17 # define content lenght
value=ThisIsATest # post the data
HTTP/1.1 200 OK # this is the response
Date: Fri, 10 Jan 2003 20:03:02 GMT
Server: Apache/1.3.27 (Win32) mod_ssl/2.8.11 OpenSSL/0.9.6g
mod_perl/1.27_01-dev PHP/4.3.0
Connection: close
Content-Type: text/html
value = ThisIsATest
---
The data is posted in plain text, so I would think that
posting from an unsecure page to a secure one would mean
the data is transmitted in clear text unless HTTP/1.1
persistent connections changes things.
Am I missing something? Please explain further.
aleem
[ http://members.evolt.org/aleem/ ]
More information about the thelist
mailing list