[thelist] https question

Aleem Bawany aleem.bawany at utoronto.ca
Fri Jan 10 15:10:01 CST 2003


> While it's not proper form to submit from unsecure to
> secure, the browser and server need to setup the secure
> channel each time prior to sending the data. It setup and
> tear down each time, irregardless of the referring page.

So if there is a secure page on the recieving end, but the
page POSTing is unsecure, it will encrypt the data
before sending? I am not sure how that would work but a
regular post request looks like this:

POST /results.pl HTTP/1.0		# initiate a post request
Content-Length: 17			# define content lenght

value=ThisIsATest				# post the data
HTTP/1.1 200 OK				# this is the response
Date: Fri, 10 Jan 2003 20:03:02 GMT
Server: Apache/1.3.27 (Win32) mod_ssl/2.8.11 OpenSSL/0.9.6g
mod_perl/1.27_01-dev PHP/4.3.0
Connection: close
Content-Type: text/html

value = ThisIsATest

---
The data is posted in plain text, so I would think that
posting from an unsecure page to a secure one would mean
the data is transmitted in clear text unless HTTP/1.1
persistent connections changes things.

Am I missing something? Please explain further.

aleem

[ http://members.evolt.org/aleem/ ]




More information about the thelist mailing list