Michael Sweeney wrote: >Your form action parameter has an absolute url specifying an https >protocol. When the browser submits the form, it uses the url you specify >which is https. So the request is going to be encrypted. You might >consider serving the form page from https as well to kind of tighten >things up a little >
What is tightened up exactly? The original poster is probably trying to avoid SSL everywhere possible, thus the question. This is a very considerate approach, because SSL more than triples the amount of time taken to complete the HTTP transaction. He's trying to be polite to his users, rather than using SSL on one more page just to be safe, which is a tactic I applaud. >encrypted connection. Your main problem is going to be the fact that the >http and https services are accessing two different file system spaces >(or they should be unless you've got your server badly misconfigured) > Why would you consider this badly misconfigured? I would wager that *most* Web sites use the same document root for both http and https. Do you think this is insecure? Remember, the reason for using SSL is to protect the data during transmission, *not* the data sitting on the server, wherever that may be. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
