[thelist] Security of Post vs Get

Joshua Olson joshua at waetech.com
Wed Aug 25 05:08:01 CDT 2004


> -----Original Message-----
> From: Paul Cowan
> Sent: Wednesday, August 25, 2004 2:25 AM
>
> If a web client requests a file from a web server over SSL, everything is
> encrypted. The encryption is set up at the protocol level, if you like,
> before the URL is transmitted to the server.

As an aside, this is the reason why secured sites have to be on their own IP
address.  In order to decrypt the URI, you'll need to know which SSL to use.
Since the SSL's are domain specific, you'll need to know the URI in advance.
Typical chicken and egg problem.  The solution is to rely on something else
to tell you which SSL to use... in this case, the IP!  Hence, each secure
site must be on it's own IP.

Please note... multiple sites can share the same IP, so long as at most one
of them is secure.

<><><><><><><><><><>
Joshua Olson
Web Application Engineer
WAE Tech Inc.
http://www.waetech.com/service_areas/
706.210.0168




More information about the thelist mailing list