I have a general HTTPS question. If I have a login form that appears on a standard http page, and it's sent to an https page (action=https://www.someurl.com/whatever.cgi), will the password and user name be incrypted? I see this done frequently and am not comfortable that the pass through is actually encrypted. I thought the form had to be in an https page, going to an https page for the encryption to work.

Thanks for any response, and could the responder point me to some reference materials on the subject please.

Hi,
im sure your correct. It will not be encrypted if passing from HTTP - HTTPS but will if HTTPS - HTTPS.

Where you are prior the secure exchange is insignificant. It doesn't matter if you are going to the https page from an http one, or if it's the first page viewed when opening your browser. If the protocol of the requested resource is HTTP, the browser knows to create a standard HTTP request and send it. If it is FTP it knows to send user info (user:password). And if it is HTTPS it knows to secure the data before trasmitting it.

jeffmott,

Thanks for the reply. Where can I read more about this particular aspect of HTTPS?

Thanks

http://wp.netscape.com/eng/ssl3/ssl-toc.html