So Aleem, You can have http://www.yourdomain.com as the main page and somewhere inside the site, include a login link to https://www.yourdomain.com/yourloginpage/ and, like magic, all communication from that point on is secure? Rob -----Original Message----- From: Aleem Bawany [mailto:aleem.bawany at utoronto.ca] Sent: Friday, January 10, 2003 11:46 AM To: thelist at lists.evolt.org Subject: RE: [thelist] https question > The login form is not on a secure page but if make the > form action go to a secure page like: <form > action=https://www.domain.com/form.cgi > does the form > submit the information securely? no, all data will be sent in clear text. You must use https on the page where the secure transfer is to originate (the login page). aleem [ http://members.evolt.org/aleem/ ] -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt !