httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nicholas Irving" <nirv...@exaol.com>
Subject RE: RE : HTTP to HTTPS forms submission
Date Mon, 29 Jul 2002 08:29:07 GMT
Well you learn something new everyday.

Thanks for all your help.

Nicholas Irving
nirving@exaol.com

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: 29 July 2002 08:38
To: users@httpd.apache.org
Subject: RE: RE : HTTP to HTTPS forms submission


>From: Laurent [mailto:lol_apache@no-log.org]
>
>I think the secured-connection is established before send any
>request. So,
>your form is encoded with your cetificate.

This is correct. The empty form comes from an HTTP server so is transmitted
en clair. However, the form action is a GET or POST request to an HTTPS
server so your browser must establish an encrypted SSL channel *before*
sending the request which contains the form parameters. So your data does go
encrypted...

This is a confusing issue and it is not helped by the fact that most
browsers only show their padlock icon (indicating SSL) *after* they have
completed the request - i.e. the padlock doesn't click shut when you click
submit - it only does so when the acknowledgement comes back.

Rgds,

Owen Boyle


>-----Message d'origine-----
>De : Nicholas Irving [mailto:nirving@exaol.com]
>Envoyé : dimanche 28 juillet 2002 15:09
>À : users@httpd.apache.org
>Objet : HTTP to HTTPS forms submission
>
>hi all,
>I  am trying to find an answer to this, and I apologise in
>advance if this
>is off topic.
>I have a page that is being served from
>http://www.isnomore.co.uk/ which
>contains a form with the action
>https://www.isnomore.co.uk/cgi-bin/login/.pl Now my question is, is the
>form being sent in ClearText or encoded with my server certificate? I
>cannot seem to find anywhere that answers this question.
>My knowledge is that since the form did not come from a secure
>environment
>it will be submitted as clear text.
>Thanks in advance.
>
>Nicholas Irving
>nirving@isnomore.co.uk
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message