Hi The page/form will be requested over a non secure connection. When the form is submitted the browser establishes a secure connection to the server and then sends the data, so the data is sent securely. Peter > -----Original Message----- > From: Micah Stevens [mailto:micah@xxxxxxxxxxxxxxxxxx] > Sent: 17 January 2005 03:47 > To: php-db@xxxxxxxxxxxxx > Subject: Re: Security Question > > > But what I'm saying is that if you're submitting a form from an unsecured > page, to a script on a secure server, the data will still be encrypted. > Anyone know this for sure to be correct? It sure makes sense this way. > > > On Sunday 16 January 2005 07:27 pm, Peter Lovatt wrote: > > Hi > > > > It is better from a security point of view to have a secure login. The > > secure server encrypts the data between the browser and the > server, making > > it impossible to read on its journey from you to the server. > > > > However whether it is a major security problem is another question. To > > view the traffic somebody must have access to the servers that > route your > > request, which isn't easy. They then have to spot your traffic > amongst all > > the other web traffic. > > > > If it is the login for your Swiss bank account where you hid the million > > you made without declaring tax then it should be secure - no > question. On > > the other hand if it is just to login to see when your books will be > > delivered, with no sensitive financial information then the > risk is smaller > > and it is unlikely that anyone is trying too hard to get your > login, so an > > insecure login carries less risk. > > > > You could always host the login page on a non secure server but post the > > form to a secure server. > > > > Peter > > > > > -----Original Message----- > > > From: Micah Stevens [mailto:micah@xxxxxxxxxxxxxxxxxx] > > > Sent: 17 January 2005 02:46 > > > To: php-db@xxxxxxxxxxxxx > > > Subject: Re: Security Question > > > > > > > > > > > > If it submits to a secure server the form data will be > encrypted before > > > transmission I believe. At least that's my understanding, and > > > that seems to > > > be how ebay does it for example. Once you log-in, it submits > to a secure > > > page. > > > > > > -Micah > > > > > > On Sunday 16 January 2005 06:38 pm, Chris Payne wrote: > > > > Hi everyone, > > > > > > > > > > > > > > > > I have a security question, I want to see if I am right or > > > > > > wrong. I have > > > > > > > programmed a system with PHP and MySQL, the main system resides > > > > > > on a secure > > > > > > > server, but the client wants the login page on a NON-Secure > server for > > > > marketing purposes. Am I the only one who thinks this is a > > > > > > major security > > > > > > > concern? > > > > > > > > > > > > > > > > Chris > > > > > > -- > > > PHP Database Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
