[thelist] https question

Aleem Bawany aleem.bawany at utoronto.ca
Fri Jan 10 16:03:01 CST 2003


> BTW - The page is only "secure" during the transmission of
> the data between the browser and the server. Just because
> you start from an "unsecure" page doesn't invalidate the
> next connection to a "secured" page.

Anthony, I still have my doubts though. If the client is the one
posting the data, e.g. a creditcard #, he is posting that data
to a secure page, but the data itself is flowing from the client
(currently over http, hence sending everything in clear text),
to the secure page in "unsecure" mode, because the secure session
has not yet been instantiated. That's what I illustrated with
the HTTP request in the earlier post. I still don't get how
sending the data will be secure if sending from an unsecure page
to a secure one.

aleem

[ http://members.evolt.org/aleem/ ]




More information about the thelist mailing list