Richard Lynch wrote: >>http://domainname.com/register.php >>display a user registration form having >>[form action="https://domainname.com/register.php"; method="post"] >> >>will the data from that page be encrypted when it is sent via https >>specified in the [form] action? >> >>note: the registration form is served from http. >> >I think you need to have the FORM page itself be using HTTPS as well... >
No, as stated, securing the transaction that involves the form (rather than the submitted data) provides no real benefit. The only reason you would want to do this is if you are including some sensitive information in the construction of the form itself, such as a credit card number being printed in the HTML as a hidden form field (best hypothetical I can come up with at the moment). Most people who ask this question just want to know if the data submitted in the form will be secure if only the target URL uses https, in which case the answer is simply yes. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
