The key is exchanged before the data transfer, so Tony's suggestion is
technically correct and so is Bruce's.  However, Bruce's suggestion
allows the user to see that the data he's submitting will be secured
(although it's a false sense of security since the web developer could
err and form post via http -- but most browsers have a warning when you
leave/enter a secure site, but then again, we tend to turn these warnings
off pretty fast), so the user gets the comfort that he's in a secure
section of the site, as indicated by the browser's "Lock" icon in IE (I
miss Netscape's Blue Secure stripe!).

-----Original Message-----
From: Andy Ousterhout [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 22, 2003 7:15 AM
To: CF-Talk
Subject: RE: HTTPS


Trying to reconcile the two responses, when and where is the encryption
performed?  For example, if the logon screen is HTTP, how does the client
know the key to use for HTTPS encryption?  Or does the form screen need
to also be HTTPS so that it can encrypt the results?

Andy

-----Original Message-----
From: Bruce Sorge [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 22, 2003 7:43 AM
To: CF-Talk
Subject: Re: HTTPS


The login screen. If you are using just HTTP, you are transmitting
information in the clear. If you are using HTTPS, then you are already
in the secure environment and the transmission is encrypted.
----- Original Message -----
From: "Andy Ousterhout" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, February 22, 2003 7:36 AM
Subject: HTTPS


> For proper security, should your login screen be called using HTTPS as
> well as the action screen or just the login action screen?
>
> http://www.domain.com/login.cfm
>
> Or
>
> https://www.domain.com/login.cfm
>
> Andy
>
>
>
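
An added example, not part of the original thread or any poster's code: a Python check that classifies each password form by the two things the thread distinguishes, the scheme of the page showing the form and the scheme of the URL it submits to. The action page name `login_action.cfm` and the sample HTML are constructed for illustration; the host is the thread's own example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


def classify(page_url, action_url):
    """Label a login form by the schemes of its page and its submit target."""
    page, action = urlparse(page_url).scheme, urlparse(action_url).scheme
    if action != "https":
        return "cleartext"          # credentials are posted unencrypted
    if page != "https":
        return "encrypted-no-lock"  # encrypted submit, but no lock on the form page
    return "encrypted"              # form and submit both over HTTPS


class LoginFormAudit(HTMLParser):
    """Collect every <form> holding a password field, with its resolved action."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = None          # resolved action of the form being parsed
        self.has_password = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.action = urljoin(self.page_url, a.get("action") or "")
            self.has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = self.action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self.action is not None:
            if self.has_password:
                self.findings.append((self.action, classify(self.page_url, self.action)))
            self.action = None


def audit(page_url, html):
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed samples; login_action.cfm is a hypothetical action page.
FORM_REL = '<form action="login_action.cfm" method="post"><input type="password" name="pw"></form>'
FORM_HTTP = '<form action="http://www.domain.com/login_action.cfm"><input type="password" name="pw"></form>'
```

A relative action inherits the page's scheme, so the same form markup is "cleartext" when served from `http://www.domain.com/login.cfm` and "encrypted" when served from `https://www.domain.com/login.cfm`; an absolute `http://` action stays "cleartext" even on an HTTPS page.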

