Results 1 to 4 of 4

Thread: Ssl

  1. #1
    Join Date
    Sep 2003
    Location
    Newark, Vermont
    Posts
    20

    Unanswered: Ssl

    I have a login page, which is not in SSL. However, the script that processes this information is. While that information passes to the login page to the page that processes this information, is this information encrypted?



    Thanks in advanced...

  2. #2
    Join Date
    Nov 2003
    Location
    Christchurch, New Zealand
    Posts
    1,618
    so you have http://whatever.com/login.asp the submits to https://whatever.com/checklogin.asp or something yes?

    if this is the case then I would guess the answer is, the information sent to checklogin.asp is encryted.... I can't be one hundred percent certain though as I have never done this before....

  3. #3
    Join Date
    Feb 2002
    Posts
    2,232
    Just think of what the url is. If you are submitting to a https then it is secure, if it is http then it is not.

    Basically, when you submit https://www.mysite.com... the following occurs:
    1. Client establishes a tcp connection to port 443 (the standard port for https).
    2. Both client/server exchange information - where protocol,cipher and certificate information is exchanged.
    3. Encrypted request sent to server.
    4. Encrypted response sent to client.
    5. Close ssl/tcp connection.

  4. #4
    Join Date
    Feb 2002
    Posts
    2,232
    One note - most companies start their login page on an https connection - this gives the user confidence that they are enveloped in a secure connection from point to point. Some customers will turn away if they see that a login page does not begin with https (or a lock at the bottom of the browser).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •