On Tue, Oct 02, 2001 at 08:23:18PM -0700, Robert Mazur wrote:
> Now, is that going to cause a ssl certificate problem, when the user
> establishes a ssl connection with me (mydomain.com), but the page actually
> submits to the bank, rather than back to me?
No, it won't cause a certificate problem if both certificates are valid
for their respective domains. A certificate is checked for the server the
browser is connecting, it doesn't matter where it has been. (Although
some browsers show a warning if a switch from a ssl server to a non-ssl
server occurs.)
> Wow, am I going to have a problem here?
Well, you mught. How do you know that the client really paid to the bank?
You can't trust Referers, etc. It can be done securelly, I'm just trying
to make you revise it against any possible failures. :)
hugs
Luciano Rocha
--
Luciano Rocha, [EMAIL PROTECTED]
The trouble with computers is that they do what you tell them, not what
you want.
-- D. Cohen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
