in fact... this is getting confusing, cos i get 2 different response from different people. so far, i have 3 person telling me that the data will be encrypted and 1 person (you know who ;) telling me otherwise.
<@snip1> I beleive the answer to your question is yes, the data from the form would be encrypted </@snip1> <@snip2> Yes it will be encrypted...when the browser sends to HTTPS it must (by definition) use SSL to communicate and will there for be encrypted...you traffic will look like: C = Client S = Server C -> S Form Request S -> C Form C -> S SSL Connect S -> C SSL Certificate C -> S SSL Form Submit S -> C Form Result page </@snip2> <@snip3> Your form action parameter has an absolute url specifying an https protocol. When the browser submits the form, it uses the url you specify which is https. So the request is going to be encrypted. You might consider serving the form page from https as well to kind of tighten things up a little, but the data will be posted under https which is an encrypted connection. </@snip3> for once, how i wish you would have said "yes, it does encrypt". ;) Scott Cadillac wrote: >Hi Lance, > >I think I follow what you are trying to do and no it won't work. :-] > >If you open an HTTPS page on Domain1 - your browser has negotiated >encryption keys exclusively for just that site (based on the domain name). >So, if you Post your form to an HTTPS page on Domain2 (a different domain >name), then your browser won't have 'keys' for Domain2 and so the form data >is sent un-encrypted. > >Remember, encryption keys for a particular domain can't be obtained until >the first time you open an HTTPS page for that domain - only after being on >an HTTPS page can you then send encrypted data back to that domain. > >Hope this helps a little. Cheers... > >Scott Cadillac >http://xml-extra.net > > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
