[thelist] Security of Post vs Get
Ken Schaefer
ken.schaefer at gmail.com
Wed Aug 25 05:41:53 CDT 2004
On Wed, 25 Aug 2004 06:08:01 -0400, Joshua Olson <joshua at waetech.com> wrote:
> > -----Original Message-----
> > From: Paul Cowan
> > Sent: Wednesday, August 25, 2004 2:25 AM
> >
> > If a web client requests a file from a web server over SSL, everything is
> > encrypted. The encryption is set up at the protocol level, if you like,
> > before the URL is transmitted to the server.
>
> As an aside, this is the reason why secured sites have to be on their own IP
> address. In order to decrypt the URI, you'll need to know which SSL to use.
> Since the SSL's are domain specific, you'll need to know the URI in advance.
> Typical chicken and egg problem. The solution is to rely on something else
> to tell you which SSL to use... in this case, the IP! Hence, each secure
> site must be on it's own IP.
>
> Please note... multiple sites can share the same IP, so long as at most one
> of them is secure.
You can use TCP ports other than 443...
Cheers
Ken
More information about the thelist
mailing list