Helo,
is this safe to have an HTTP request send to an HTTPs page to process? let say i have a request send from an HTTP page to an HTTPs page, will the data sent from the HTTP page be safe? I doubt it....
this is what i find in aolmail.aol.com, and amazon.com.
other sites are doing that also..
have any clue?
thx.
-ljb.
-
HTTP request ---> HTTPS page (1 messages)
- Posted by: hoi tsang
- Posted on: September 19 2002 22:31 EDT
Threaded Messages (1)
- HTTP request ---> HTTPS page by Ravi Shankar on September 20 2002 08:16 EDT
-
HTTP request ---> HTTPS page[ Go to top ]
- Posted by: Ravi Shankar
- Posted on: September 20 2002 08:16 EDT
- in response to hoi tsang
I should think it will be safe - as in, the SSL handshake will authenticate the server and the data will be sent encrypted.
The other way round is a problem, though - if you get an HTML page with a form through an https connection, but the form action specifies an http url. Which means, the blank form is downloaded to the browser over an ssl connection, but the filled-in form is sent to the server in the clear.