From: Graham A. Patterson (grahamp@econ.Berkeley.EDU)
Date: Mon Dec 16 2002 - 16:15:51 PST
Rusty Wright wrote (in part):
> Question; if I have a file, form.html and it's called via
> http://host/form.html
> and in that file it has
> <form action="https://host/form.php" method="post">
> Is the data being sent securely (encrypted) from the user's browser?
This is lazy. All it takes to make it PHP is to wrap the HTML in a couple
of script tags and a 'heredoc'. Most (Apache) web servers do not like
mixing HTML and CGI scripts from the same directory as a security issue,
but it is easy to set up by wrapping the page. Or you can alter the
.htaccess file, which I would not recommend.
The data transmission is secure, unfortunately you do not know that the
form comes from the trusted source, and hence the encrypted link in the
page may not be to the people you intend.
Graham
-- Graham Patterson, NT/XP System Administration Dept. of Economics, UC Berkeley (510)643-5397 ----------------------------------------------------------------------- The following was automatically added to this message by the list server: Webnet information is available at <URL:http://webnet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Mon Dec 16 2002 - 16:17:19 PST