On Mon, 10 Jan 2000, L.D. Best wrote:
> Second, all Arachne users have seen the code produced and sent when we
> feed data to a page & submit it ... it usually overflows the URL line.
> <G> Well, I play a little game of hangman on-line once in a while, and I
> wondered how in the heck the system knew which person trying to figure
> out which word was sending in a new letter guess. Then I looked

This is just a plain ID code - nothing to do with secure web sites.

> carefully at that URL line and discovered that, along with my current
> guess, the word itself sat up there in encoded form. It's only a simple
> substitution code, but I haven't bothered to break it because then ALL
> the fun of the game would be gone.

You are talking about a standard insecure connection - you can
(usually) derive your word from that encoded form, and if you can't,
well, you sent it in the open anyway, before the server encoded it =)
This is not so with SSL - it is sent in an encrypted form which only the
server can read. Not that Hangman games absolutely MUST be unreadable for
others for years and years...=)

> Bottom Line: The purchaser doesn't encrypt anything. The data supplied
> is encrypted by the website, or an appropriate link, prior to
> transmittal to the store accessible network.

Wrong - at least when you use SSL.

/petri