[web] linking from http:// to https://
Hi, all.
Say I am at a website http://foo.com/page.html which contains a form with attribute action="https://foo.com/result.php". Is the form data guaranteed to arrive encrypted? Or do you already need to be in a https connection before you hit submit?
If the form POSTs to a https:// URL, the data will be encrypted. But users won't get a warm fuzzy feeling that it is.
It's better to host the form on https as well, at least, I've always done that.
If the web site is not performance critical and/or needs significant security, consider just moving the whole thing to https.
Mark
It's better to host the form on https as well, at least, I've always done that.
If the web site is not performance critical and/or needs significant security, consider just moving the whole thing to https.
Mark
In addition to what markr stated about making it all https, here's how to force https if you're using Apache and mod_rewrite:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]</IfModule>
Or rather than using mod_rewrite, use a different VirtualHost section for your HTTP site, and simply have that redirect unconditionally:
which is much simpler.
Mark
<VirtualHost whatever:80>Redirect permanent / https://whatever/</VirtualHost>
which is much simpler.
Mark
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement