Actually URLs are. You are using an SSLSocket.
Oh, right. Sorry, I had my head temporarily in, uh, a hole in the ground :)
My paranoia comes from URLs sometimes being forwarded after decryption, say, behind a firewall. Apache, for one, logs URLs to the access log if configured to do so, so your URL might end up being recorded. That's bad news if there's sensitive data on a machine that gets compromised.
Sorry for the confusion: URLs across SSL are definately encrypted. Thanks for the correction.
-chris
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
