Posted by David Dorward on 10/03/05 02:07

Marcus wrote:

> I have 2 pages, an index and a login page. The user enters his or her
> login info on the index page, which then gets sent via the form action
> to the login page which compares this info with the database. My
> question is this: do I have to put both of these files in my https
> directory, or only the index page?

For the data sent to the form handler[1] to be encrypted, and for the data
returned by the form handler to be encrypted, the form handler must be
hosted on an HTTPS server.

The page containing the form should generally be on a secure server too as
it strongly suggests to the user that the data they send will be secure.

[1] The resource at the URL specified in the action attribute of the form

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

• Next in forum: Re: Please criticize my website
• Prev in forum: Re: css - background-color not set for the whole container
• Thread view: Re: using SSL

[Reply to this message]