Solved

Where does the encryption happen with SSL?

Posted on 2000-03-06
2
184 Views
Last Modified: 2013-12-25
A question about SSL...

When is the information that is sent by https actually encrypted?  If you request https://www.ordersomethingonline.com/ and it's an order form asking for your credit card number and it's sent to http://www.ordersomethingonline.com/cgi-bin/process.cgi (notice the http instead of https on the cgi call) does that mean:

a. The original form is encrypted when it's sent to the user before he fills it out but then what he actually fills out on the form is NOT encrypted when it's sent to the cgi script

or...

b. The content the user types into the form is encrypted when it's sent to the cgi script, but whatever the cgi script echoes back as confirmation is NOT encrypted?
0
Comment
Question by:rmacmich
2 Comments
 
LVL 8

Accepted Solution

by:
jhurst earned 75 total points
ID: 2589599
The browser encrypts and dcrypts data just before sending it when the connection is https, and DOES NOT for HTTP.  So, if the submission of the form is to a http-site - your credit card information is being sent in clear text format.

Realistically there is little risk of someone seeing it.  I think the risk is much less than some wait-person making an extra copy of your credit card in a restuarant etc.  

If you note all of the breaches so far have not been in the transmission of the information but of the information when it arrived and was stored at the server site.  https does not solve this problem.
0
 

Author Comment

by:rmacmich
ID: 2591628
Jhurst -- thanks.  I appreciate your answer and agree with you on both points you made.  :)

Have a good one.

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

In this tutorial I will focus on how to use WhizBase as a tool for sending ICQ messages to ICQ. Here I will use a new technology in WhizBase, published in WhizBase 5.1 version. In this tutorial I will use 3 files, pager.wbsp for the processing, e…
This tutorial will discuss the log-in process using WhizBase. In this article I assume you already know HTML. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you might look at some of my other articles abo…
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now