A question about SSL...
When is the information that is sent by https actually encrypted? If you request https://www.ordersomethingonline.com/
and it's an order form asking for your credit card number and it's sent to http://www.ordersomethingonline.com/cgi-bin/process.cgi
(notice the http instead of https on the cgi call) does that mean:
a. The original form is encrypted when it's sent to the user before he fills it out but then what he actually fills out on the form is NOT encrypted when it's sent to the cgi script
b. The content the user types into the form is encrypted when it's sent to the cgi script, but whatever the cgi script echoes back as confirmation is NOT encrypted?