Hello Adam,

Well yes, in case of SSL (Secure Sockets Layer) all your form
content along with the page header will go in an encrypted format. If
you want to know in detail how SSL works then here goes the entire
explanation.

SSL is based on the Public Key crypto system with the following
steps:

1. When you type an SSL URL, the browser sends a hello message to the
server.
2. The server then sends its own Certificate and a random nonce
encrypted with its public Key.
3. The browser gets the Server certificate. Verifies it. Gets the public
Key from the certificate and authenticates the server.
4. The client then makes a MASTER KEY and encrypts it with the server
public key. It sends its own certificate to the server. And also a nonce
encrypted with its own public key.
5. Now server takes the client certificate. Verifies it. Gets the public
key of client from the certificate and authenticates the client.
6. Now the server knows the client public key, so it just decrypts the
encrypted Master Key. This master key then becomes the secret key for
further transactions between the client and server.

Naveen Punjabi
USC, Computer Science
http://www-scf.usc.edu/~npunjabi

-----Original Message-----
From: Bill Barker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 21, 2003 7:59 PM
To: [EMAIL PROTECTED]
Subject: Re: encrypting a form's action URL with HTTPS link



"Adam Hardy" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
>
> Hi All,
>
> I am trying to work out whether my form submission is sent encrypted in
> SSL or not.
>
> If I code my form like this:
>
> <form method="POST" action="https://localhost:8443/sslform">
>
> will it actually be encrypted?
>

Yes.

> When I click submit, the browser pops up a certificate dialog box (since
> I'm not using verisign) and then the message that I'm visiting a secure
> form.
>
> This makes me think that the request has been sent unencrypted first to
> the server, which has responded in SSL with the certificate.
>
> Is that so?

No.  All of that traffic is the SSL-handshake between your browser and
Tomcat.  Your browser won't send the actual request to Tomcat until after
all of the popups.

>
> Thanks
> Adam
>
> PS is there a tool like wget or perhaps a way of using wget, where I can
> specify form elements in a request and see the contents & config of the
> server's response?
>
> -- 
> struts 1.1 + tomcat 5.0.12 + java 1.4.2
> Linux 2.4.20 RH9




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
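
An added example, not part of the original thread: it asks a TLS client (Python's ssl module over in-memory buffers, no network) to send the form POST before any server reply and inspects what reaches the wire. The form field names and values are constructed; the host and path are the ones from the question.

```python
import ssl

# Constructed sample: the POST a browser would send to the form's https://
# action URL from the thread (field names and values are made up).
FORM_BODY = b"username=adam&password=constructed-secret"
REQUEST = (b"POST /sslform HTTP/1.1\r\nHost: localhost:8443\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n"
           b"Content-Length: %d\r\n\r\n" % len(FORM_BODY)) + FORM_BODY


def first_flight(request: bytes) -> bytes:
    """Bytes a TLS client puts on the wire when asked to send `request`
    before the server has answered anything."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()  # stand-ins for the socket
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="localhost")
    for step in (tls.do_handshake, lambda: tls.write(request)):
        try:
            step()
        except ssl.SSLWantReadError:
            pass  # client is blocked until the server's handshake reply arrives
    return outgoing.read()


def parse_records(wire: bytes):
    """Split raw bytes into TLS records: (content_type, payload)."""
    records, i = [], 0
    while i + 5 <= len(wire):
        length = int.from_bytes(wire[i + 3:i + 5], "big")
        records.append((wire[i], wire[i + 5:i + 5 + length]))
        i += 5 + length
    return records


def inspect(request: bytes) -> dict:
    wire = first_flight(request)
    records = parse_records(wire)
    return {
        "record_types": sorted({t for t, _ in records}),  # 22 = handshake
        "first_handshake_msg": records[0][1][0],          # 1 = ClientHello
        "request_on_wire": FORM_BODY in wire or b"/sslform" in wire,
        "hostname_on_wire": b"localhost" in wire,          # SNI is cleartext
    }


if __name__ == "__main__":
    print(inspect(REQUEST))
```

Only handshake records leave the client; the path and form body are held back until the handshake finishes, while the host name is visible in the ClientHello.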
