While the username and password are one part of the equation, it needs also to be borne in mind the role that the session cookie plays in maintaining a logged in user.
In this regard you would be better off being in SSL whenever the session cookie is first sent to the client.

Cheers

--- Ben Koshy <[EMAIL PROTECTED]> wrote:
> The Key is exchanged before the data transfer, so Tony's suggestion is
> technically correct and so is Bruce's. However, Bruce's suggestion
> allows the user to see that the data he's submitting will be secured
> (although it's a false sense of security since the web developer could
> err and form post via http -- but most browsers have a warning when you
> leave/enter a secure site but then again, we tend to turn these warnings
> off pretty fast), so the user gets the comfort that he's in a secure
> section of the site, as indicated by the browser's "Lock" Icon in IE (I
> miss Netscape's Blue Secure stripe!).
>
> -----Original Message-----
> From: Andy Ousterhout [mailto:[EMAIL PROTECTED]
> Sent: Saturday, February 22, 2003 7:15 AM
> To: CF-Talk
> Subject: RE: HTTPS
>
> Trying to reconcile the two responses, when and where is the encryption
> performed? For example if the logon screen is HTTP, how does the client
> know the key to use for HTTPS encryption? Or, does the form screen need
> to also be HTTPS so that it can encrypt the results.
>
> Andy
>
> -----Original Message-----
> From: Bruce Sorge [mailto:[EMAIL PROTECTED]
> Sent: Saturday, February 22, 2003 7:43 AM
> To: CF-Talk
> Subject: Re: HTTPS
>
> The login screen. If you are using just HTTP, you are transmitting
> information in the clear. If you are using HTTPS, then you are already
> in the secure environment and the transmission is encrypted.
>
> ----- Original Message -----
> From: "Andy Ousterhout" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Saturday, February 22, 2003 7:36 AM
> Subject: HTTPS
>
> > For proper security, should your login screen be called using HTTPS as
> > well as the action screen or just the login action screen?
> >
> > http://www.domain.com/login.cfm
> >
> > Or
> >
> > https://www.domain.com/login.cfm
> >
> > Andy
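Added example, not part of the original thread or written by any of its participants: a small audit over recorded request/response pairs that reports a session cookie when its first Set-Cookie was sent over plain HTTP or without the Secure attribute, which is the case the top reply raises. The cookie names (CFID, CFTOKEN, JSESSIONID), the login_action.cfm URL and the sample exchanges are assumptions constructed for illustration.

```python
"""Audit where a session cookie is first issued (added example)."""
from urllib.parse import urlsplit

# Assumption: session cookie names commonly used by ColdFusion; adjust per app.
SESSION_COOKIES = {"cfid", "cftoken", "jsessionid"}

def parse_set_cookie(header):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0].strip()
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a}
    return name, flags

def audit(exchanges):
    """exchanges: list of (request_url, [Set-Cookie values]) in the order sent.

    Each session cookie is judged only on its first issue: a value that has
    already crossed the wire in the clear is not rescued by a later Secure copy.
    """
    seen, findings = set(), []
    for url, set_cookies in exchanges:
        scheme = urlsplit(url).scheme.lower()
        for header in set_cookies:
            name, flags = parse_set_cookie(header)
            key = name.lower()
            if key not in SESSION_COOKIES or key in seen:
                continue
            seen.add(key)
            if scheme != "https":
                findings.append((name, url, "first issued over plain HTTP"))
            elif "secure" not in flags:
                findings.append((name, url, "issued over HTTPS without Secure"))
    return findings

# Constructed sample: login form served over HTTP, action page over HTTPS.
SAMPLE = [
    ("http://www.domain.com/login.cfm", ["CFID=1001; Path=/", "CFTOKEN=55512345; Path=/"]),
    ("https://www.domain.com/login_action.cfm", ["CFID=1001; Path=/; Secure"]),
]
# Constructed sample: whole login flow over HTTPS, one cookie missing Secure.
SAMPLE_HTTPS = [
    ("https://www.domain.com/login.cfm", ["CFID=1001; Path=/; Secure", "JSESSIONID=abc; Path=/"]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE) + audit(SAMPLE_HTTPS):
        print(finding)
```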

