Re: [WSG] forms and SSL
Hi Chris, I just did a quick test using Ethereal http://ethereal.com/, and it looks like the browser requests the server's certificate, then encrypts the data that it is sending. Using Firefox 0.9.3 Internet Explorer 6. Of course, if you're intending to put this into practice somewhere, I'd suggest a bit more testing :) As for your next question, I don't think it's possible to send cleartext over HTTPS at all. (mind you, I'm not the worlds greatest authority on HTTPS, so I might be wrong :p) On Wed, 11 Aug 2004 12:25:13 +1000, Chris Blown [EMAIL PROTECTED] wrote: A discussion popped up here recently, and though its not really specific to web standards, I still think its worthy of a bit of discussion on the list. If you have a form that is served via standard http with its action set to a https server, then one assumes that the UA will send an encrypted post request. Or does it? -- Lindsay Evans http://lindsayevans.com/ ** The discussion list for http://webstandardsgroup.org/ Proud presenters of Web Essentials 04 http://we04.com/ Web standards, accessibility, inspiration, knowledge To be held in Sydney, September 30 and October 1, 2004 See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] forms and SSL
On Thu, 2004-08-12 at 08:55, Lindsay Evans wrote: I just did a quick test using Ethereal http://ethereal.com/, and it looks like the browser requests the server's certificate, then encrypts the data that it is sending. Using Firefox 0.9.3 Internet Explorer 6. Thanks for that. Of course, if you're intending to put this into practice somewhere, I'd suggest a bit more testing :) No I'd rather serve the whole thing via https. I've seen quite a few larger sites that need to consider security doing this and though it seems a perfectly secure practise, visitors might be reluctant entering sensitive data into their browser without the closed little pad lock icon appearing ;) Cheers Chris Blown ** The discussion list for http://webstandardsgroup.org/ Proud presenters of Web Essentials 04 http://we04.com/ Web standards, accessibility, inspiration, knowledge To be held in Sydney, September 30 and October 1, 2004 See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
[WSG] forms and SSL
A discussion popped up here recently, and though its not really specific to web standards, I still think its worthy of a bit of discussion on the list. If you have a form that is served via standard http with its action set to a https server, then one assumes that the UA will send an encrypted post request. Or does it? One example is www.americanexpress.com.au which happily accepts members password from the ( http ) front page and posts to a https server. I guess the next question is can you post a clear text request to a https server without complaint? Regards Chris Blown ** The discussion list for http://webstandardsgroup.org/ Proud presenters of Web Essentials 04 http://we04.com/ Web standards, accessibility, inspiration, knowledge To be held in Sydney, September 30 and October 1, 2004 See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **