Trying to reconcile the two responses, when and where is the encryption performed? For example if the logon screen is HTTP, now does the client know the key to use for HTTPS encryption? Or, does the form screen need to also be HTTPS so that it can encrypt the results.
Andy -----Original Message----- From: Bruce Sorge [mailto:[EMAIL PROTECTED] Sent: Saturday, February 22, 2003 7:43 AM To: CF-Talk Subject: Re: HTTPS The login screen. If you are using just HTTP, you are transmitting information in the clear. If you are using HTTPS, then you are already in the secure environment and the transmission is encrypted. ----- Original Message ----- From: "Andy Ousterhout" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Saturday, February 22, 2003 7:36 AM Subject: HTTPS > For proper security, should your login screen be called using HTTPS as well as > the action screen or just the login action screen? > > http://www.domain.com/login.cfm > > Or > > https://www.domain.com/login.cfm > > Andy > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
