ssl & aol wallet


jeanne
01-15-2004, 11:43 AM
I have a shopping cart that goes into SSL, the encryption of which gets activated when the order form is put up. But on AOL they have this thing "AOL Wallet" that pops up whenever you hit an order form and asks whether it shouldn't fill in the information on the order form.

I'm just wondering, if SSL is so secure, how does this crummy AOL Wallet thing know how to pop up and how does it insert itself into an SSL encryption situation?

I asked the server's tech support and they said "you should see what Verisign is doing" but I didn't have the nerve to follow that up...

Any hints or help here?

PunkSktBrdr01
01-15-2004, 10:44 PM
The "AOL Wallet" is part of the AOL program, and shows up regardless of whether your site is using SSL. It's not under your control.

jeanne
01-16-2004, 09:39 AM
Yeah, that I learned, and I guess the main point is that no one ELSE could kind of "tune in" to an SSL exchange BUT me through AOL, BUT I wonder if SSL isn't somehow compromised by this, or even if AOL insists it isn't "logging" what I do and I don't GIVE it credit card #s etc., if they're not as available for hacking as the screen names that are almost never used... I wish there were something that could be done about this thing...

Thanks for the reply.

Shift4SMS
01-20-2004, 09:01 PM
Originally posted by jeanne
I have a shopping cart that goes into SSL, the encryption of which gets activated when the order form is put up. But on AOL they have this thing "AOL Wallet" that pops up whenever you hit an order form and asks whether it shouldn't fill in the information on the order form.

I'm just wondering, if SSL is so secure, how does this crummy AOL Wallet thing know how to pop up and how does it insert itself into an SSL encryption situation?

I asked the server's tech support and they said "you should see what Verisign is doing" but I didn't have the nerve to follow that up...

Any hints or help here?

While I don't have hands-on experience with the AOL Wallet (I can't stand AOL!), my guess is that the "spying" piece resides on the user's computer, probably as part of the AOL browser. You can think of SSL as a secure pipe -- it only secures the data traveling through the pipe, not what happens to the data on either end (server side or client side). While I'm usually critical of Verisign, this issue is not their doing.