Midnight Voices
THE PETE ATKIN WEB FORUMRSS
Welcome, Guest. Please Login or Register.
This page loaded: 22.11.17 at 07:28 UK
PA
HOME
Pete Atkin home page
MV Home | Short | Help | Search | Members | Login | Register | Shop | PA Home
Midnight Voices HTML/SSL question
   Midnight Voices
   Atkin admin
   Tech
(Moderator: Snoopy)
   HTML/SSL question
« Previous thread | Next thread »
Pages: 1   Start of Thread | Latest Post Reply | Notify of replies | Send Thread | Print
   Author  Thread: HTML/SSL question  (Read 2376 times)
Gerry Smith
MV Fixture
****





   

Posts: 222
HTML/SSL question
« : 26.06.07 at 16:23 »
Quote

I'm hoping a tech savvy MV might be able to answer a question I have relating to HTML forms and HTTPS links.
 
I have an HTML form which resides on a standatd, non-secure http:// page. The 'send' button on the form invokes the following code:
 
<form action="https://secure.magic-moments.com/thenew/cgi-bin/SimpleSecure.pl" method="post">
 
Someone is claiming that despite this, since the form itself resides on a non-secure page, the data is sent out via port 80 and not 443. Personally I don't see how this can be the case - on clicking the 'send' button the usual warning that you are about to view pages over a secure connection pops up and nothing is sent before 'OK' is clicked.  
 
Any advice gratefully received.
 
Thanks
 
Gerry
 
IP logged

Out playing the saxes
Snoopy
MV Moderator
*****



Alexis Birkill

   

Posts: 44
Re: HTML/SSL question
« Reply #1: 26.06.07 at 17:08 »
Quote

You are entirely correct - because the script that is called by the form is on an SSL-encrypted site, the data passed from the user's web browser across the internet will be encrypted.
 
However, persuading someone who is convinced otherwise that this is the case is less trivial.  The recent push in security has caused many people to be very suspicious if they don't see the padlock icon, and for (reasonably) good reasons.
 
As an example of why your site is technically encrypted but still off-putting, imagine the reverse situation, where your script is not hosted on a HTTPS site.  Until the point I hit submit on that form, short of examining the source code of your webpage, I have no proof that the data is going to be encrypted.  The only indication of this occurs after I hit the submit button, at which point it will pop up a 'secure connection' notification.  
 
But if the form is on an open HTTP site, I don't get any warning at all - I've just submitted my data over an open link!  In other words, your site is giving security feedback only after the point of no return - if it's not encrypted, it's too late, and I can't get my data back.  It's not unreasonable for people to be cautious in this situation.
 
If possible, you should really attempt to get the form itself hosted on the HTTPS server as well.  This gives much more protection for the customer, as they both have the padlock icon in their browser (and can examine your security certificate's credentials before submitting data), and they will get a warning if the data they submit is not being sent over a secure link.
IP logged
Gerry Smith
MV Fixture
****





   

Posts: 222
Re: HTML/SSL question
« Reply #2: 26.06.07 at 17:30 »
Quote

Many thanks, Snoopy. Glad I'm not going mad (did that years ago!). Your advice is good though - I've had this complaint several times now. Might be better just to host the page on the secure server.  
 
I didn't do this originally because the page in question is entitled 'subscription information' and just happens to have the form on it in case anyone decides to subscribe. I thought if people see the SSL 'warning' - which is often associated with parting with money -  before they've read the info, it might put some people off and hence lose customers.
 
Thanks for your good advice.
 
Gerry
« Last Edit: 26.06.07 at 17:45 by Gerry Smith » IP logged

Out playing the saxes
Pages: 1    Start of Thread | Latest Post Reply | Notify of replies | Send Thread | Print
Return to Top « Previous thread | Next thread »
MV Home | Short | Help | Search | Members | Login | Register | Shop | PA Home
Midnight Voices is not responsible for comments made by its members. All opinions expressed are entirely those of their authors.
Midnight Voices » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB 2000-2003. All Rights Reserved.