Jump to content

Recommended Posts

simply question about SSL that I think I already know the answer to...

 

if the user is on the page http://domain.com/page.html

 

and they fill out a form who's action is set to https://domain.com/process_form.php

 

will the data they submit be encrypted?

Link to comment
https://forums.phpfreaks.com/topic/91666-posting-data-to-https-from-http/
Share on other sites

thanks for that well thought out and detailed answer  ;)

 

I've been researching this a little bit and it seems that the data IS encrypted because the SSL "handshake" occurs before the POST data is sent.

 

The one valid sounding objection I read was that, although the data being sent would be encrypted, because the form's action itself is not encrypted, it could be intercepted and modified to redirect the data to another location before the "handshake" takes place.

 

So my understanding is that, in answer to my question, YES post data sent from an http page to an https processing page IS encrypted; HOWEVER, that is only true if the SSL request itself was not hi-jacked before the data is sent.

 

Does this sound right to anyone or have I just confused myself more?

So my understanding is that, in answer to my question, YES post data sent from an http page to an https processing page IS encrypted; HOWEVER, that is only true if the SSL request itself was not hi-jacked before the data is sent.

 

Technically, even if it gets hijacked through man in the middle method, it will still be encrypted. The problem is it will be encrypted by the attacker.  ;D:o

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.