Hi Spike! How's the US? Got your visa yet?

You're correct, the browser "should" not send any data or even an HTTP packet at all, if the TLS connection could not be made. The point is this is TCP/IP stuff; it sits below anything that we normally play with, probably below the browser as well. TCP/IP packets carry the HTTP packet which in turn carries the form data.
For more reading: http://www.ietf.org/

Gary

----- Original Message -----
From: "Stephen Milligan" <[EMAIL PROTECTED]>
To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 9:01 AM
Subject: [cfaussie] Re: [OT] SSL

> Just to be clear,
>
> My understanding has been that you don't need to secure the form from a
> security point of view. You need to secure it from a user confidence point
> of view.
>
> Regardless of whether the form is encrypted or not, as long as the action
> page uses SSL no-one can snoop on the data being sent across the wire.
>
> The only other compelling reason I can think of to use SSL for the form page
> is because you then know that a secure session can be established before you
> try to send any sensitive data across the wire. I don't know enough about
> it, but I'd expect that if the browser couldn't establish a secure
> connection to the server it would not attempt to send anything. That's
> relying on the implementation of the web browser though which might not be
> the best thing.
>
> Spike
>
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] On Behalf Of
> >G A R Y C R O U C H [ A I T ]
> >Sent: Tuesday, April 20, 2004 2:51 PM
> >To: CFAussie Mailing List
> >Subject: [cfaussie] Re: [OT] SSL
> >
> >OK, having written a paper last year on SSL, or we should be
> >calling it by its new name TLS (Transport Layer Security), I
> >can comment with some confidence on this.
> >
> >Taco; You are correct. I'll explain why.
> >
> >When the user submits the page with the form the first thing
> >that happens down inside the TCP/IP stack (in the TRANSPORT
> >layer for those that want to know) SSL/TLS is turned on,
> >this is when the client and host computers are hand-shaking,
> >before the HTTP packet has been sent over the connection.
> >After the SSL / TLS connection has been made the HTTP packet
> >will be delivered using the secured connection.
> >Just the same as doing a <cfhttp> to an https:// connection
> >with post-form data.
> >
> >Point is we always secure the form as well to give the user
> >confidence that the information is over a secure connection.
> >
> >Hope this is understandable.
> >
> >----- Original Message -----
> >From: "Taco Fleur" <[EMAIL PROTECTED]>
> >To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
> >Sent: Wednesday, April 21, 2004 8:04 AM
> >Subject: [cfaussie] Re: [OT] SSL
> >
> >That's what I thought, but I have several people telling me
> >otherwise, can you really confirm this? i.e. are you certain?
> >
> >Cheers.
> >
> >-----Original Message-----
> >From: Gary Menzel [mailto:[EMAIL PROTECTED]
> >Sent: Wednesday, 21 April 2004 8:02 AM
> >To: CFAussie Mailing List
> >Subject: [cfaussie] Re: [OT] SSL
> >
> >> I could be totally wrong here, but I was under the impression that for a
> >> form to be secure it had to be posted from within SSL, but I have been
> >> hearing that I am wrong, and that even if it's posted from outside SSL to
> >> SSL the connection is secure. Could someone confirm one or the other?
> >
> >It is my understanding that the form itself MUST be already in
> >SSL for the process to be secure.
> >
> >Again, the story goes that it is that both the pages involved
> >must be under SSL.
> >
> >Gary Menzel
> >Web Development Manager
> >IT Operations Brisbane -+- ABN AMRO Morgans Limited
> >Level 29, 123 Eagle Street BRISBANE QLD 4000
> >PH: 07 333 44 828 FX: 07 3834 0828

---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]

MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
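
The two things the thread keeps apart, the scheme of the form page and the scheme of the action page, can be reported separately for every form on a page. This is an added example, not code from any poster in the thread; `FormCollector` and `audit_forms` are hypothetical names, and the URL and HTML are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect <base href> and the action/method of every <form>."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and self.base_href is None and a.get("href"):
            self.base_href = a["href"]
        elif tag == "form":
            self.forms.append(((a.get("action") or "").strip(),
                               (a.get("method") or "get").lower()))


def audit_forms(page_url, html):
    """Return one finding per form: where it submits and over what scheme."""
    parser = FormCollector()
    parser.feed(html)
    base = urljoin(page_url, parser.base_href) if parser.base_href else page_url
    page_tls = urlsplit(page_url).scheme == "https"
    findings = []
    for action, method in parser.forms:
        # An empty or missing action submits back to the document's own URL.
        target = urljoin(base, action) if action else page_url
        submit_tls = urlsplit(target).scheme == "https"
        if page_tls and submit_tls:
            verdict = "page and submission both over TLS"
        elif submit_tls:
            verdict = "submission over TLS, form page delivered in clear"
        else:
            verdict = "submission in clear"
        findings.append({"target": target, "method": method, "verdict": verdict})
    return findings


# Constructed sample: a page fetched over plain HTTP carrying three forms.
SAMPLE_PAGE_URL = "http://shop.example/checkout.cfm"
SAMPLE_HTML = """
<form action="https://shop.example/pay.cfm" method="post"></form>
<form action="search.cfm"></form>
<form method="POST"></form>
"""
```

Calling `audit_forms(SAMPLE_PAGE_URL, SAMPLE_HTML)` returns one dictionary per form with the resolved target, the method, and which of the three cases applies.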
