|
Posted by Barry Margolin on March 16, 2007, 12:59 am
If you were Registered and logged in, you could reply and use other advanced thread options
caolla@hotmail.com wrote:
> Hi all !
>
> I'd like some advices about SSL and HTTPS.
> Could someone tell me the difference about security between this
> cases :
>
> Let's take the yahoo mail example :
>
> 1. From a local html page on his hard drive, a user send his id/pwd
> through a form like this <form action="https://... method="post" ...
>
> that is similar to the real one on Yahoo mail login page.
>
> 2. The same but done directly from the https yahoo site.
>
> Am I wrong if I say that case 1 is not secure ?
>
> Am I wrong if I say that before considering the transaction as secure,
> the client has to be connected first one time to the server ? This
> allows the client to check the certificate, to use it to create a
> session key that is then sent to the server ? Is this process could be
> done in case 1 ?
>
> Thanks a lot in advance !!!
You're wrong. Every HTTP or HTTPS connection is independent, and the
certificate is checked each time you make a new HTTPS connection. It
doesn't matter where you came from.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
| 
XML site map