> You are correct, that is why I am asking questions, but I am > confused, does SSL do a hash of the data, transmit it, then > do another hash of the data, and notify you if the data was > changed while in transit?
Not exactly. What it does do, is use a public-private key pair to sign and decrypt data. Given the public key, the client encrypts and signs the data, which can then only be decrypted using the private key. This process does, however, provide a sufficient guarantee (for most purposes) of data integrity. Read this for more details: http://en.wikipedia.org/wiki/Secure_Sockets_Layer But even if it didn't, you could not trust the integrity of any hashing functionality you run on the client, because you can't trust ANYTHING that runs on the client. The client is an untrustworthy environment. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade to ColdFusion 8 and integrate with Adobe Flex http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286897 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
