Hello Adam, Well yes, in case of SSL (secure socket Layer) all your form content along with the page header will go in an encrypted format. If you want to know in detail how SSL works then here goes the entire explanation
SSL is based on the Public Key crypto system with following steps 1. When you type an SSL URL, the browser sends a hello message to the server. 2. The server then sends its own Certificate and a random nonce encrypted with its public Key. 3. The browser gets the Server certificate. Verifies it. Gets the public Key from the certificate and authenticates the server 4. The client then makes an MASTER KEY and encrypts it with the server public key. It sends its own certificate to the server. And also a nonce encrypted with its own public key. 5. Now server takes the client certificate. Verifies it. Gets the public key of client from the certificate and authenticates the client. 6. Now the server knows the client public key, so it just decrypts the encrypted Master Key. this master key then becomes the secret key for further transactions between the client and server. Naveen Punjabi USC, Computer Science http://www-scf.usc.edu/~npunjabi -----Original Message----- From: Bill Barker [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 7:59 PM To: [EMAIL PROTECTED] Subject: Re: encrypting a form's action URL with HTTPS link "Adam Hardy" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > > Hi All, > > I am trying to work out whether my form submission is sent encrypted in > SSL or not. > > If I code my form like this: > > <form method="POST" action="https://localhost:8443/sslform"> > > will it actually be encrypted? > Yes. > When I click submit, the browser pops up a certificate dialog box (since > I'm not using verisign) and then the message that I'm visiting a secure > form. > > This makes me think that the request has been sent unencrypted first to > the server, which has responded in SSL with the certificate. > > Is that so? No. All of that traffic is the SSL-handshake between your browser and Tomcat. Your browser won't send the actual request to Tomcat until after all of the popups. > > Thanks > Adam > > PS is there a tool like wget or perhaps a way of using wget, where I can > specify form elements in a request and see the contents & config of the > server's response? > > -- > struts 1.1 + tomcat 5.0.12 + java 1.4.2 > Linux 2.4.20 RH9 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]