Michael Sweeney wrote:

>Your form action parameter has an absolute url specifying an https
>protocol. When the browser submits the form, it uses the url you specify
>which is https. So the request is going to be encrypted. You might
>consider serving the form page from https as well to kind of tighten
>things up a little

What is tightened up exactly? The original poster is probably trying to 
avoid SSL everywhere possible, thus the question. This is a very 
considerate approach, because SSL more than triples the amount of time 
taken to complete the HTTP transaction. He's trying to be polite to his 
users, rather than using SSL on one more page just to be safe, which is 
a tactic I applaud.

>encrypted connection. Your main problem is going to be the fact that the
>http and https services are accessing two different file system spaces
>(or they should be unless you've got your server badly misconfigured)

Why would you consider this badly misconfigured? I would wager that 
*most* Web sites use the same document root for both http and https. Do 
you think this is insecure? Remember, the reason for using SSL is to 
protect the data during transmission, *not* the data sitting on the 
server, wherever that may be.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to