HTTP request ---> HTTPS page


Web tier: servlets, JSP, Web frameworks: HTTP request ---> HTTPS page

  1. HTTP request ---> HTTPS page (1 messages)


    is this safe to have an HTTP request send to an HTTPs page to process? let say i have a request send from an HTTP page to an HTTPs page, will the data sent from the HTTP page be safe? I doubt it....

    this is what i find in, and
    other sites are doing that also..

    have any clue?

  2. HTTP request ---> HTTPS page[ Go to top ]

    I should think it will be safe - as in, the SSL handshake will authenticate the server and the data will be sent encrypted.

    The other way round is a problem, though - if you get an HTML page with a form through an https connection, but the form action specifies an http url. Which means, the blank form is downloaded to the browser over an ssl connection, but the filled-in form is sent to the server in the clear.