Google Answers Logo
View Question
 
Q: SSL Security ( No Answer,   2 Comments )
Question  
Subject: SSL Security
Category: Computers > Security
Asked by: aeejay88-ga
List Price: $3.50		 Posted: 15 Aug 2006 20:56 PDT
Expires: 19 Aug 2006 01:45 PDT
Question ID: 756451 
If information is POSTed to a SSL secured page from a non-SSL secured
page, is that information safe?

(i.e. is the SSL connection of the 2nd page established before the
information is POSTed from the user computer?)
Answer  
There is no answer at this time.

Comments  
Subject: Re: SSL Security
From: jdholycross-ga on 15 Aug 2006 22:06 PDT		  
http://blogs.msdn.com/ie/archive/2005/04/20/410240.aspx

[quote]
If the login form was delivered via HTTP, there's no guarantee it
hasn't been changed between the server and the client.  A bad guy
sitting on the wire between the two could simply retarget the POST to
submit to a HTTPS site that he controls.
[\quote]

Not really secure IMO
Subject: Re: SSL Security
From: aeejay88-ga on 19 Aug 2006 01:45 PDT		  
I worked this one out... the SSL handshake is made before POST Values
are sent, but jdholycross-ga is right, a page could be modified and
re-routed, not so easy to do however.
Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy