Gary M,

It's a transport layer technology, inside TCP/IP, nothing to do with HTTP.

Form is delivered to browser insecurely, right?

The action of this form is https://blablabla

To make the connection to the server, the client machine has to go down the
HTTP stack, then down the TCP stack.
It's in the transport layer of the TCP stack that the TLS connection is made.
If you have one already made it will use that; if not, it will create a new
one.

Examples of when new connections need to be made:-

<cfhttp> posting form fields to a https:// address (the script making the
post doesn't need to be secure)

When the TLS session has timed out because:-
- the user went to make a coffee
- lost their connection so their IP address changed (TLS is an IP - IP
connection, remember; Transport Layer, right?)

The point is the user won't feel safe or believe the session is secure. There
is one other reason why I make these forms secure: that's because sometimes
I deliver data from a user's account on our system in the form, which I want
to keep safe. If the form was not secure then my data would not be safe.

Sorry, have 10's of references on this subject on my home PC, not here at the
office, although there won't be one actually saying what you want to hear; it's
my understanding of how two technologies work together.

If I am wrong I'll stand corrected, but I am pretty sure.

GC

PS: was marked at 86% by the lecturer, then that don't mean anything as they
are often wrong too.
----- Original Message -----
From: "Gary Menzel" <[EMAIL PROTECTED]>
To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 9:01 AM
Subject: [cfaussie] Re: [OT] SSL


> Taco; You are correct. I'll explain why.

<snip>

> Point is we always secure the form as well to give the user confidence that
> the information is over a secure connection.


So, if I am reading you correctly... Taco is correct in saying that...

If a FORM is submitted to a HTTPS url but was rendered under a call to a
HTTP page, that the data is STILL sent using HTTPS and is guaranteed to be
secure?

If so (not that I doubt your knowledge) can you point us to a standards
document that states this?

Additionally, I would assume this was not always the case?  Because I know
I have been educated to believe that a FORM is not secure unless it was
rendered through a HTTPS call.

If so, at what point/version/release did this change?


Gary Menzel
Web Development Manager
IT Operations Brisbane -+- ABN AMRO Morgans Limited
Level 29, 123 Eagle Street BRISBANE QLD 4000
PH: 07 333 44 828  FX:  07 3834 0828
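
The case argued over in this thread, a form delivered over plain HTTP whose action is an https:// URL, can be checked for mechanically. The sketch below is an added example and is not code from either poster; the host name, paths and finding labels are constructed for illustration. It separates a submission that travels over TLS but whose form page arrived without integrity protection from a submission that is sent in cleartext.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input: a login page fetched over plain HTTP.
SAMPLE_PAGE_URL = "http://shop.example/login.cfm"
SAMPLE_HTML = """
<form method="post" action="https://shop.example/secure/login.cfm">
  <input name="user"><input name="pass" type="password">
</form>
<FORM METHOD="post" ACTION="search.cfm"><input name="q"></FORM>
"""


class _FormCollector(HTMLParser):
    """Collects the raw action attribute of every <form> start tag."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":  # tag and attribute names arrive lowercased
            self.actions.append(dict(attrs).get("action") or "")


def audit_forms(page_url, html):
    """Return a list of (resolved_action_url, finding) for each form."""
    page_scheme = urlsplit(page_url).scheme.lower()
    collector = _FormCollector()
    collector.feed(html)
    results = []
    for action in collector.actions:
        # A relative or empty action inherits the page's own scheme.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme.lower() != "https":
            finding = "cleartext-submit"
        elif page_scheme != "https":
            # Submission is encrypted, but the page that carried the
            # form (and its action URL) was delivered without TLS.
            finding = "encrypted-submit-unprotected-form"
        else:
            finding = "ok"
        results.append((target, finding))
    return results


if __name__ == "__main__":
    for target, finding in audit_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{finding:35} {target}")
```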




---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to
[EMAIL PROTECTED]

MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004


