The encryption is performed on submission, so the form does not have to be an https. That said, while all of us so called experts might know this, the general public does not, and they will be looking for that lock symbol on the form page, so you might as well make it a mandatory ssl page anyway.
Cary Gordon The Cherry Hill Company At 07:36 AM 2/22/2003 -0600, you wrote: >For proper security, should your login screen be called using HTTPS as well as >the action screen or just the login action screen? > >http://www.domain.com/login.cfm > >Or > >https://www.domain.com/login.cfm > >Andy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4