Posted by Marcus on 10/03/05 02:27

David Dorward wrote:
> Marcus wrote:
>
>
>>I have 2 pages, an index and a login page. The user enters his or her
>>login info on the index page, which then gets sent via the form action
>>to the login page which compares this info with the database. My
>>question is this: do I have to put both of these files in my https
>>directory, or only the index page?
>
>
> For the data sent to the form handler[1] to be encrypted, and for the data
> returned by the form handler to be encrypted, the form handler must be
> hosted on an HTTPS server.
>
> The page containing the form should generally be on a secure server too as
> it strongly suggests to the user that the data they send will be secure.
>
> [1] The resource at the URL specified in the action attribute of the form
>

David,

Thank you for the reply. So just to clarify, both the front end
interface that accepts the form data and the backend processing page
should be on the HTTPS server. From there, wherever I redirect my
script to is free to be on regular HTTP without compromising the login
data, correct?

Thanks again.

[Back to original message]