[thelist] https question
Anthony Baratta
Anthony at Baratta.com
Fri Jan 10 12:58:25 CST 2003
At 09:46 AM 1/10/2003, Aleem Bawany wrote:
> > The login form is not on a secure page but if make the
> > form action go to a secure page like: <form
> > action=https://www.domain.com/form.cgi > does the form
> > submit the information securely?
>
>no, all data will be sent in clear text. You must use
>https on the page where the secure transfer is to
>originate (the login page).
I disagree here.
While it's not proper form to submit from unsecure to secure, the browser
and server need to setup the secure channel each time prior to sending the
data. It setup and tear down each time, irregardless of the referring page.
---
Anthony Baratta
President
Keyboard Jockeys
"Conformity is the refuge of the unimaginative."
More information about the thelist
mailing list