Ah, miguel....
good to have you back.
I missed your lovingly superior painstaking attention to detail :-)


>From: Miguel Cruz <[EMAIL PROTECTED]>
> > if the browser is making a request, and it sees an https:// at the 
> > of the request URL, it will :
> > 1.  get the domain's public key from a public key server
> > 2.  encrypt the whole request with the domain's public key
> > 3.  submit it to the web server.
>We have public key servers?
>Around these parts the client and server use a self-contained process to
>handle the key exchange. The server's key has been signed by a certificate
>authority (Verisign, etc.) whose public key is already stored in the
>browser... or not, in which case the client alerts the user and generally
>continues nevertheless.
> > If the web server sees that this is an encrypted request, it will :
> > 1.  decrypt the request with it's private key
> > 2.  process it and generate a response (usually in the form of html)
> > 3.  encrypt the response with it's private key
> > 4.  send it back to the browser
>Sort of. The server's key is used to encrypt the exchange of a new key
>which lasts only for the lifetime of the transaction. This ephemeral key
>is what's used to encrypt the actual data. But this nuance is probably not
>very important to understanding the practical issues of working with PHP
>and HTTPs.
> > Now, one of the things that many people are confused about is that they
> > think there must be a lock icon at the bottom of the browser when they
> > are entering sensitive info (like credit card numbers).  Nope.  The only
> > important thing is that the form which takes the sensitive data SUBMITS
> > to an https:// URL.  Because (as above) it will encrypt the request
> > (which includes the sensitive data) BEFORE it submits it over the
> > internet.  But most people don't know how to check that a form submits
> > to an to an https:// URL.
>Yup. You'd think that the browser developers would come up with a way to
>indicate this (mouse pointer turning to a lock when hovering over a submit
>button, etc.).
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

Join the world’s largest e-mail service with MSN Hotmail. 

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to