If you only need to secure their username/password, you only need SSL on the
receiving server.  However, that won't give the user a lock icon on the
signin form, because the form isn't secure, only the data submitted from the
form.

If you submit to an SSL encrypted URL, the first thing the browser does
(well, after DNS and such) is create a secure connection, then it passes the
form data, then it receives the resulting page.  Whether the page that is
doing the submission is encrypted is completely irrelevant.  If the previous
page had to be encrypted to start an encrypted session, then there would be
a Catch-22 preventing you from ever getting into an encrypted session, which
is obviously not the case, as SSL is used all over the place.

You have to weigh user experience as well.  Will they be comfortable without
that lock icon on the signin form?  Most users don't understand that the
submission is secure if the destination is secure, they just think if the
form has a lock, it's secure.

HTH,
barneyb

---
Barney Boisvert, Senior Development Engineer
AudienceCentral (formerly PIER System, Inc.)
[EMAIL PROTECTED]
voice : 360.671.8708 x12
fax   : 360.647.5351

www.audiencecentral.com

> -----Original Message-----
> From: Sean McCarthy [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 26, 2003 11:09 AM
> To: CF-Talk
> Subject: Http to Https Secure Transmission?
>
>
> Hi,
>       We are about to roll out access to a Commerce 1 application server
> through single sign-on from the intranet.  Will a SSL cert need to be on
> both ends to make the connection secure (the form submitting the Login/Pass
> and the C1 server)?  I have received varying answers on this subject.
> Verisign says yes definitely.  But then I look at sites like this:
>
> http://online.firstusa.com/bolHome.aspx?partner=fusacorp
>
> and the login page is non SSL submitting to a SSL page?  Is this
> information sent in the clear? I assume so? Unless it is being encrypted
> before being sent?
>
> thanks for your input
>
> sean
>
> 