[thelist] https question

Hassan Schroeder hassan at webtuitive.com
Fri Jan 10 16:14:01 CST 2003

Aleem Bawany wrote:

> Anthony, I still have my doubts though. If the client is the one
> posting the data, e.g. a creditcard #, he is posting that data
> to a secure page, but the data itself is flowing from the client
> (currently over http, hence sending everything in clear text),
> to the secure page in "unsecure" mode, because the secure session
> has not yet been instantiated.

No, it's not, as Seb's very clear explanation shows.

All I'll add to this is to suggest that if you really need to *see*
this in action, download Ethereal, the open source "sniffer", and
watch the traffic as you try these different combinations of secure
and insecure connections.

Ethereal does a great job of explicitly identifying the certificate
exchange, etc. -- very illuminating.

Hassan Schroeder ----------------------------- hassan at webtuitive.com
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com

                           dream.  code.

More information about the thelist mailing list