Chad, In a previous thread in a different mailing list Lynn Taylor concisely described the SLL process as it relates to IP and IP-less domains. It so accurately described the process I saved it for posterity.
====[From a discussion with "Lynn W. Taylor" <[EMAIL PROTECTED]>]===== Certificates are bound to domain names, no question. SSL connections are negotiated by IP address, before the domain name is passed. So, the TCP SYN packet comes in, the SYN+ACK goes back, the ACK comes in, and then SSL encryption starts. After the encryption is started, it checks the domain name on the certificate. So it stands to reason that you can put a certificate on any IP, and you can change the IP -- you just can't have more than one certificate on a single IP address+Port number. Note that this is true on any OS and any web server. ==================[ end discussion ]========================== So in your example (http://www/form.cfm) the data passed from the server to the browser is NOT encrypted since you did not negotiate for a secure connection and the browser will not indicate that it is secure. If there is nothing in the data used to display the form that needs to be secure then it is technically OK, however, the user cannot tell if the data he is entering will be sent back via a secure connection unless he looks at the form code. Best regards, Dennis Powers UXB Internet - A Web Design and Hosting Company tel: (203)879-2844 fax: (203)879-6254 http://www.uxbinternet.com/ http://dennis.uxb.net/ -----Original Message----- From: Chad Gray [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 10:56 AM To: CF-Talk Subject: SSL on form submission Im wondering if when a form is submitted at what point do you request SSL? Do you want the form to be covered under SSL as the user is filling it out? https://www/form.cfm Or do you leave the form http://www/form.cfm and use <form action="https://www/action.cfm"; method="POST"> enough to encrypt the data being passed to the action page? Just curious.... ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
