Ssl

jlot6 · #1 (**permalink**) 11-17-03, 22:50

I have a login page, which is not in SSL. However, the script that processes this information is. While that information passes to the login page to the page that processes this information, is this information encrypted?

Thanks in advanced...

rokslide · #2 (**permalink**) 11-17-03, 23:03

so you have http://whatever.com/login.asp the submits to https://whatever.com/checklogin.asp or something yes?

if this is the case then I would guess the answer is, the information sent to checklogin.asp is encryted.... I can't be one hundred percent certain though as I have never done this before....

rnealejr · #3 (**permalink**) 11-17-03, 23:36

Just think of what the url is. If you are submitting to a https then it is secure, if it is http then it is not.

Basically, when you submit https://www.mysite.com... the following occurs:
1. Client establishes a tcp connection to port 443 (the standard port for https).
2. Both client/server exchange information - where protocol,cipher and certificate information is exchanged.
3. Encrypted request sent to server.
4. Encrypted response sent to client.
5. Close ssl/tcp connection.

rnealejr · #4 (**permalink**) 11-17-03, 23:43

One note - most companies start their login page on an https connection - this gives the user confidence that they are enveloped in a secure connection from point to point. Some customers will turn away if they see that a login page does not begin with https (or a lock at the bottom of the browser).

Internet Services

Web Development

Digital Marketing

Consumer Tech