| Author |
 Topic Search  Topic Options
|
dj air 
Senior Member
Joined: 05 April 2002
Location: United Kingdom
Status: Offline
Points: 3627
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: SSL and sending to SSL
Posted: 26 July 2006 at 2:23pm |
hi,
was wondering if you anyone knows the answer to this.
if i have a page url like http://www.domain.com
and submit the page to https://www.domain2.co.uk
not the https on the second one
would that be a secure sending, or would it only be a secure send if the sending page is under SSL
basiclly are non encrypted pages sending to a encrypted page set first at client level? or have to go though a SSL page first
thanks in advanced
|
 |
VBScript
Senior Member
Joined: 14 July 2004
Location: United Kingdom
Status: Offline
Points: 219
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 3:40pm |
|
I think the pages that do the sending and receiving of the data have to he in the same SSL Secured folder
|
|
|
|
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 5:44pm |
|
The sending page doesn't have to be over ssl, the form will be posted using whichever protocol you specify regardless of what the page it was posted from is on.
|
|
dj air
Senior Member
Joined: 05 April 2002
Location: United Kingdom
Status: Offline
Points: 3627
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 5:49pm |
|
thanks, thats what i thought.
i have seen it somewher but can't find it.
just to clarify to others, the encryption is done at client side , ie, when you click submit if in HTTPS MODE , the browser encrypts the page then sends it to the server. using the Keys as encryption from the receiving server.
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 8:21pm |
|
I did read in a PC mag at the weekend someone asking a similar question about a site which is an SSL site, but the login page was not SSL it sent you to the SSL page after you submitted the login form.
The journalist answered saying that the site in question used javascript to encrypt the login data from the non secure SSL page.
So I guess that means if you submit from a non SSL page the data will not be encrypted unless you use some other method to encrypt the data.
|
|
|
|
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 8:48pm |
|
The only reason most sites use SSL on the login page and the page it posts to is that most users now know that they should look for the padlock symbol in the status bar, but it makes no difference if it posts to an SSL page anyway
|
|
michael
Senior Member
Joined: 08 April 2002
Location: United States
Status: Offline
Points: 4670
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 9:03pm |
|
Are you sure about that Mart? IIRC if you are on a SSL page you receive a Public Key to encrypt the data and the Cert on the server decrypts that. So if you are on a non-SSL page you are sending clear text data to a SSL page.
|
|
|
|
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 9:19pm |
|
Wait, let me make sure you're asking what i think you're asking...
http://www.domain1.co.uk/login.html has a form that posts to
https://www.domain2.co.uk/loginprocessor.asp?
In that case i'm pretty sure the data is still sent securly, guess i could check later on my shared ssl
|
|
