Hi Taco, what you are ghearing is correct. if the form is POSTed via SSL, then the data transfer os encrypted. it matters not whether the form itself has been delivered to the browser via http or https. another common misconception is that with ssl, the data transfer is encrypted in BOTH directions, from the browser to the server AND the response back to the browser. however, you need to consider the user expereince - who's going to enter a credit card number into a web page that isn't secured? for me, it matters zip whether text on the page claims that when i click the 'pay' button it will go to ssl. if it's not a padlocked page, then i won't enter stuff into it. i think that would be a common position for most people, so that although /technically/ your form doesn't need to be secured, /practically/ it probably should be. cheers, Mike. +----------------------------------------------------+ | VeriPay mPOS - Anywhere, Anytime | | Puts money in your bank while you're on the road | | Secure Credit Card Transactions via SMS messaging | | From Xilo Online www.xilo.com/mpos | +----------------------------------------------------+
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Taco Fleur Sent: Wednesday, 21 April 2004 7:44 AM To: CFAussie Mailing List Subject: [cfaussie] [OT] SSL I could be totally wrong here, but I was under the impression that for a form to be secure it had to be posted from within SSL, but I have been hearing that I am wrong, and that even if its posted from outside SSL to SSL the connection is secure. Could someone confirm one or the other? --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
<<attachment: winmail.dat>>
--- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
