https form action

Hello.

I need clarification about submitting form data to a secure server. My current paradigm is that in order to submit form data securely, you need to be submitting from a page hosted on a secure server, such as https://domain.com, and submitting to a page on that server.

But I just went to a website that claims that, "The form is submitted using an HTTPS form action. All sensitive data is encrypted before transmission and is never sent as clear-text." The page the form is on does not appear to on a secure server, that is, the URL looks like http://domain.com/form.html. I looked at the source code, and the form is posting to a secure server, action="https://secure.domain.com/gateway.

Is this arrangement possible? It would seem that you couldn't establish an encryption scheme until after you have arrived at a page on the secure server. Would this arrangement cause any kind of warning message when a form is submitted?
sentientearthAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

strickddCommented:
With a secure connection the sending and recieving page have to be https://. However it is possible, if the two sites are on the same server to send information to an https:// page from one that is. Being on the same server will make it secure. Then when the https:// page is called, it will usually call another encrypted page and passback any information to the http:// page.
0
sentientearthAuthor Commented:
Hmm. Wouldn't the form data still have to travel unencrypted from the visitor's browser to the secure page?
0
strickddCommented:
Correct, but it will be encrypted for part of the journey.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sentientearthAuthor Commented:
I'm not sure I follow. Isn't the data unencrypted until it reaches the receiving page? Sorry to be slow on this...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
HTML

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.