| Author |
 Topic Search  Topic Options
|
Mikey 
Senior Member
1979
Joined: 06 October 2003
Location: United Kingdom
Status: Offline
Points: 839
|
 Post Options
 Thanks(0)
 Quote  Reply
 Posted: 26 July 2006 at 9:54pm |
|
I have always assumed data leaving a non-SSL page is unsecure as the destination would have no effect on the original sent data. Not until it reaches the SSL page woud it be secure.
|
|
Handyman man?
|
 |
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 10:00pm |
|
hmm, I thought the client and server handshake, and then the post data is sent securely after handshaking, looking in the http specs now
|
|
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 10:06pm |
Yeah, pretty sure what i said was right: http://support.microsoft.com/kb/257591/
the post data isn't sent until Step 11, and at that point the connection is secure, it makes no difference whether the refering page was over ssl
|
|
dj air
Senior Member
Joined: 05 April 2002
Location: United Kingdom
Status: Offline
Points: 3627
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 10:31pm |
 Mart wrote:
hmm, I thought the client and server handshake, and then the post data is sent securely after handshaking, looking in the http specs now
|
this is what i thought the receiving server /SSL page recieves the request, sends a Key to the sending server, encrypts and sends it to the recieving server
|
|
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 10:34pm |
|
easy way to make sure is to just put
<%= Request.ServerVariables("HTTPS") %>
on the receiving page, if "on" is printed then everything's ok
|
|
dj air
Senior Member
Joined: 05 April 2002
Location: United Kingdom
Status: Offline
Points: 3627
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 July 2006 at 10:43pm |
|
ok,
the reason i want it is because i am having a control panel, where people can alias it, i will have Private SSL as an option but if they want they can use a white labled interface, that has SSL on it,
so i want to allow them to be able to send from their alias to my SSL interface which is exactly the same but under SSL.
|
|
ctscott
Senior Member
Joined: 27 May 2003
Location: United States
Status: Offline
Points: 246
|
Post Options
Thanks(0)
Quote Reply
Posted: 28 July 2006 at 1:59pm |
|
good thread, thanks for the info.
|
|
|
|
