[thelist] https question
Hassan Schroeder
hassan at webtuitive.com
Fri Jan 10 16:14:01 CST 2003
Aleem Bawany wrote:
> Anthony, I still have my doubts though. If the client is the one
> posting the data, e.g. a creditcard #, he is posting that data
> to a secure page, but the data itself is flowing from the client
> (currently over http, hence sending everything in clear text),
> to the secure page in "unsecure" mode, because the secure session
> has not yet been instantiated.
No, it's not, as Seb's very clear explanation shows.
All I'll add to this is to suggest that if you really need to *see*
this in action, download Ethereal, the open source "sniffer", and
watch the traffic as you try these different combinations of secure
and insecure connections.
Ethereal does a great job of explicitly identifying the certificate
exchange, etc. -- very illuminating.
--
Hassan Schroeder ----------------------------- hassan at webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
More information about the thelist
mailing list