SSL and sending to SSL
Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: General Discussion
Forum Description: General discussion and chat on any topic.
URL: https://forums.webwiz.net/forum_posts.asp?TID=20825
Printed Date: 30 March 2026 at 7:51am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: SSL and sending to SSL
Posted By: dj air
Subject: SSL and sending to SSL
Date Posted: 26 July 2006 at 2:23pm
|
hi, was wondering if you anyone knows the answer to this. if i have a page url like http://www.domain.com/ - http://www.domain.com and submit the page to https://www.domain2.co.uk/ - https://www.domain2.co.uk not the https on the second one would that be a secure sending, or would it only be a secure send if the sending page is under SSL basiclly are non encrypted pages sending to a encrypted page set first at client level? or have to go though a SSL page first thanks in advanced |
Replies:
Posted By: VBScript
Date Posted: 26 July 2006 at 3:40pm
|
I think the pages that do the sending and receiving of the data have to he in the same SSL Secured folder
------------- http://www.james-r.co.uk" rel="no follow - James http://www.gotrillian.com/?4498-20" rel="no follow - Trillian - M |
Posted By: Mart
Date Posted: 26 July 2006 at 5:44pm
|
The sending page doesn't have to be over ssl, the form will be posted using whichever protocol you specify regardless of what the page it was posted from is on. |
Posted By: dj air
Date Posted: 26 July 2006 at 5:49pm
|
thanks, thats what i thought. i have seen it somewher but can't find it. just to clarify to others, the encryption is done at client side , ie, when you click submit if in HTTPS MODE , the browser encrypts the page then sends it to the server. using the Keys as encryption from the receiving server. |
Posted By: WebWiz-Bruce
Date Posted: 26 July 2006 at 8:21pm
|
I did read in a PC mag at the weekend someone asking a similar question about a site which is an SSL site, but the login page was not SSL it sent you to the SSL page after you submitted the login form. The journalist answered saying that the site in question used javascript to encrypt the login data from the non secure SSL page. So I guess that means if you submit from a non SSL page the data will not be encrypted unless you use some other method to encrypt the data. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Mart
Date Posted: 26 July 2006 at 8:48pm
| The only reason most sites use SSL on the login page and the page it posts to is that most users now know that they should look for the padlock symbol in the status bar, but it makes no difference if it posts to an SSL page anyway |
Posted By: michael
Date Posted: 26 July 2006 at 9:03pm
|
Are you sure about that Mart? IIRC if you are on a SSL page you receive a Public Key to encrypt the data and the Cert on the server decrypts that. So if you are on a non-SSL page you are sending clear text data to a SSL page. ------------- http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker |
Posted By: Mart
Date Posted: 26 July 2006 at 9:19pm
|
Wait, let me make sure you're asking what i think you're asking... http://www.domain1.co.uk/login.html has a form that posts to https://www.domain2.co.uk/loginprocessor.asp? In that case i'm pretty sure the data is still sent securly, guess i could check later on my shared ssl |
Posted By: Mikey
Date Posted: 26 July 2006 at 9:54pm
|
I have always assumed data leaving a non-SSL page is unsecure as the destination would have no effect on the original sent data. Not until it reaches the SSL page woud it be secure.
------------- Handyman man? |
Posted By: Mart
Date Posted: 26 July 2006 at 10:00pm
| hmm, I thought the client and server handshake, and then the post data is sent securely after handshaking, looking in the http specs now |
Posted By: Mart
Date Posted: 26 July 2006 at 10:06pm
|
Yeah, pretty sure what i said was right: http://support.microsoft.com/kb/257591/ - http://support.microsoft.com/kb/257591/ the post data isn't sent until Step 11, and at that point the connection is secure, it makes no difference whether the refering page was over ssl |
Posted By: dj air
Date Posted: 26 July 2006 at 10:31pm
this is what i thought the receiving server /SSL page recieves the request, sends a Key to the sending server, encrypts and sends it to the recieving server |
Mart wrote:Posted By: Mart
Date Posted: 26 July 2006 at 10:34pm
|
easy way to make sure is to just put <%= Request.ServerVariables("HTTPS") %> on the receiving page, if "on" is printed then everything's ok |
Posted By: dj air
Date Posted: 26 July 2006 at 10:43pm
|
ok, the reason i want it is because i am having a control panel, where people can alias it, i will have Private SSL as an option but if they want they can use a white labled interface, that has SSL on it, so i want to allow them to be able to send from their alias to my SSL interface which is exactly the same but under SSL. |
Posted By: ctscott
Date Posted: 28 July 2006 at 1:59pm
|
good thread, thanks for the info. ------------- ______________________ http://www.cfbtrivia.com" rel="nofollow - College Football Trivia |