Yikes,
after Gary's comment saying "Taco; You are correct." I
quickly flamed the people that were saying I was incorrect, now I'll look like a
fool (I normally do anyway so no biggie there ;-)..
So it
does not matter in respect to security if the form is posted from a non SSL site
to an SSL site. Cool, after working with the web for 9 years I learn something I
thought I was pretty sure about how it worked...... What a complete failure I am
;-((
--------Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Mike Everest
Sent: Wednesday, 21 April 2004 9:03 AM
To: CFAussie Mailing List
Subject: [cfaussie] RE: [OT] SSLHi Taco,what you are ghearing is correct. if the form is POSTed via SSL, then the data transfer os encrypted. it matters not whether the form itself has been delivered to the browser via http or https.another common misconception is that with ssl, the data transfer is encrypted in BOTH directions, from the browser to the server AND the response back to the browser.however, you need to consider the user expereince - who's going to enter a credit card number into a web page that isn't secured? for me, it matters zip whether text on the page claims that when i click the 'pay' button it will go to ssl. if it's not a padlocked page, then i won't enter stuff into it.i think that would be a common position for most people, so that although /technically/ your form doesn't need to be secured, /practically/ it probably should be.cheers, Mike.+----------------------------------------------------+| VeriPay mPOS – Anywhere, Anytime || Puts money in your bank while you’re on the road || Secure Credit Card Transactions via SMS messaging || From Xilo Online www.xilo.com/mpos |+----------------------------------------------------+-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Taco Fleur
Sent: Wednesday, 21 April 2004 7:44 AM
To: CFAussie Mailing List
Subject: [cfaussie] [OT] SSLI could be totally wrong here, but I was under the impression that for a form to be secure it had to be posted from within SSL, but I have been hearing that I am wrong, and that even if its posted from outside SSL to SSL the connection is secure. Could someone confirm one or the other?
---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
