Let me see if I understand. When information is being set to a HTTPS page, the browser first goes to the server to get the key, then sends the information encrypted.
Is this correct? Andy -----Original Message----- From: Ben Koshy [mailto:[EMAIL PROTECTED] Sent: Saturday, February 22, 2003 9:33 AM To: CF-Talk Subject: RE: HTTPS The Key is exchanged before the data transfer, so Tony's suggestion is technically correct and so is Bruces. However Bruce's suggestion, allows the user to see that the data he's submitting will be secured (although it's a false sense of security since the web developer could err and form post via http -- but most browsers have a warning when you leave/enter a secure site but then again, we tend to turn these warnings off pretty fast), so the user gets the comfort that he's in a secure section of the site, as indicated by the browser's "Lock" Icon in IE (I miss Netscapes Blue Secure stripe!). -----Original Message----- From: Andy Ousterhout [mailto:[EMAIL PROTECTED] Sent: Saturday, February 22, 2003 7:15 AM To: CF-Talk Subject: RE: HTTPS Trying to reconcile the two responses, when and where is the encryption performed? For example if the logon screen is HTTP, now does the client know the key to use for HTTPS encryption? Or, does the form screen need to also be HTTPS so that it can encrypt the results. Andy -----Original Message----- From: Bruce Sorge [mailto:[EMAIL PROTECTED] Sent: Saturday, February 22, 2003 7:43 AM To: CF-Talk Subject: Re: HTTPS The login screen. If you are using just HTTP, you are transmitting information in the clear. If you are using HTTPS, then you are already in the secure environment and the transmission is encrypted. ----- Original Message ----- From: "Andy Ousterhout" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Saturday, February 22, 2003 7:36 AM Subject: HTTPS > For proper security, should your login screen be called using HTTPS as well as > the action screen or just the login action screen? > > http://www.domain.com/login.cfm > > Or > > https://www.domain.com/login.cfm > > Andy > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
