This may be the wrong place to post this question but here goes anyhow.
I have a login page which goes as follows:
LOGIN page - encrypted. User enters ID & password.
-> form leads to ...
PROCESSOR - processes password, make sure ok. This page not encrypted at
the moment.
-> form automatically redirects to ...
HOME - not encrypted. (redirects here if ok).
Now my question is this... if the user enters the data on the LOGIN page,
which redirects to the PROCESSOR page (which has no output, simply processes
the variable and then redirects back to login if it is in error), is the
user name and password safe? If you go
https://login
...
https://processor
...
http://home
You get a message telling you that you are being redirected to an insecure
page. I don't want that message. Neither do I necessarily want a "Welcome"
Screen... I'd much rather just go to the home page, where the user is told
his/her name.
Any hints or suggestions? Please respond via e-mail to
[EMAIL PROTECTED] THanks!
Justin Long
www.strategicnetwork.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
