I have a website that use https/ssl and i have a question about that.
Website1: Has a valid ssl cert installed which allow users to use https.
Website2: Is not owned by me and does not use ssl, i have absolutely no influence on the website/server setup.
Website2 need to get some critical data (FTP login details) from Website1 (I currently use cURL for this) and I'm a bit worried about someone snapping the data in the process ("man-in-the-middle" and "eavesdropping" attacks ... not sure what it's called).
Will/can the SSL/https on Website1 be used to encrypt the connection?
Website2 uses something like this at the moment:
$filename = "https://mytestdomain.com/ftpdetails.php?accesskey=HF64GDFTRU8O
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $filename);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$html_content = curl_exec($ch);
ftpdetails.php check if the accesskey is valid and output the correct ftp details.