I have a login page, which is not in SSL. However, the script that processes this information is. While that information passes to the login page to the page that processes this information, is this information encrypted?
Just think of what the url is. If you are submitting to a https then it is secure, if it is http then it is not.
Basically, when you submit https://www.mysite.com... the following occurs:
1. Client establishes a tcp connection to port 443 (the standard port for https).
2. Both client/server exchange information - where protocol,cipher and certificate information is exchanged.
3. Encrypted request sent to server.
4. Encrypted response sent to client.
5. Close ssl/tcp connection.
One note - most companies start their login page on an https connection - this gives the user confidence that they are enveloped in a secure connection from point to point. Some customers will turn away if they see that a login page does not begin with https (or a lock at the bottom of the browser).