Just something to note, but the form, when displayed, won't have the "lock" or "key" or whatever, signifying a secure connection to the user. Depending on what kind of data you are collecting, this could be an issue. Most people probably won't notice, but if you're serving a smarter crowd, they may be hesitant to submit their form data, thinking it's going over an unsecured link...
---John Holmes... > -----Original Message----- > From: B.C. Lance [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 02, 2002 1:13 PM > To: [EMAIL PROTECTED] > Subject: Re: [PHP] does a form submit from a http page to a https ensure > secure data? > > thanks for the insights. :) > > basically the 2 files are from 2 different domains saving to the same > database server. the 2 sites share the same userbase. and when the > registration form is submitted to the 2nd site, upon successful > registration, it will redirect back to the 1st site and display a > success page. otherwise it will redirect back to the 1st site and > prompting them an error. > > you probably wonder why the complexity of the above scenario. basically > the 2nd site has a ssl cert while the 1st site doesn't. so as a cost > saving measure, the 1st site will be using the 2nd site's ssl cert to > complete the user registration process. > > hope the above make sense to you. > > lance > > Michael Sweeney wrote: > > >Your form action parameter has an absolute url specifying an https > >protocol. When the browser submits the form, it uses the url you specify > >which is https. So the request is going to be encrypted. You might > >consider serving the form page from https as well to kind of tighten > >things up a little, but the data will be posted under https which is an > >encrypted connection. Your main problem is going to be the fact that the > >http and https services are accessing two different file system spaces > >(or they should be unless you've got your server badly misconfigured) so > >the http://...register.php is going to be a different file from the > >https://...register.php. You might want to reconsider your design. > > > >..mike.. > > > >On Tue, 2002-07-02 at 04:21, B.C. Lance wrote: > > > > > >>hi, > >> > >>the above question has been puzzling me for a while. the situation is > this. > >> > >>http://domainname.com/register.php > >>display a user registration form having > >>[form action="https://domainname.com/register.php"; method="post"] > >> > >>will the data from that page be encrypted when it is sent via https > >>specified in the [form] action? > >> > >>note: the registration form is served from http. > >> > >>could someone enlighten me on this? > >> > >>regards, > >>b.c. lance > >> > >> > >>-- > >>PHP General Mailing List (http://www.php.net/) > >>To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
