But from the users perspective, the form is NOT secure (no warm, fuzzy lock icon) and they don't know (or have any reason to then expect) that the form submission will be secure...
> Ah... Thanks guys... My curiosity is cured. > > That was going to bug me the rest of the day... :) > > > > -----Original Message----- > From: Christopher Olive [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 30, 2002 10:27 AM > To: CF-Talk > Subject: RE: SSL on form submission > > that's not strictly correct. (before i begin, i always SSL the form > itself, > since it gives the users warm fuzzies). > > when a user calls up a form and enters data into it, the data is still > on > their local PC. it has not gone "over the wire" yet. if the form's > action > page is HTTPS, when the user submits the form, the request *and all its > data* are encrypted. > > but, as i said, i prefer to encrypt the form so the user can see the > little > glowing lock (or whatnot) and feel good. > > chris > > -----Original Message----- > From: Joel Firestone [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 30, 2002 11:17 AM > To: CF-Talk > Subject: Re: SSL on form submission > > > Well, if I understand it correctly, the SSL secures the data being > transferred. > If you only use it on the action page, and not the submission itself, > the > data going from form.cfm to action.cfm would not be secure. But if > form.cfm > is in SSL, then it would be secure. > > HTH > > ----- Original Message ----- > From: "Chad Gray" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Tuesday, July 30, 2002 11:05 AM > Subject: RE: SSL on form submission > > > > That is the safe way I would assume.. but is it necessary? > > > > > > > > -----Original Message----- > > From: Joel Firestone [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, July 30, 2002 9:58 AM > > To: CF-Talk > > Subject: Re: SSL on form submission > > > > I always do it for the form. The submission would then be protected. > > > > HTH > > > > ----- Original Message ----- > > From: "Chad Gray" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, July 30, 2002 10:55 AM > > Subject: SSL on form submission > > > > > > > Im wondering if when a form is submitted at what point do you > request > > > SSL? > > > > > > Do you want the form to be covered under SSL as the user is filling > it > > > out? https://www/form.cfm > > > > > > Or do you leave the form http://www/form.cfm and use > > > <form action="https://www/action.cfm"; method="POST"> enough to > encrypt > > > the data being passed to the action page? > > > > > > Just curious.... > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
