Listen to what Barney said. Verisign is in the business of selling certificates and they BS'd you, from the sound of it.
As was pointed out, a form without the little lock on it is not secure insofar as a user is concerned. They'd have to do a View Source to see the secure form post addr, which very few will do of course. -------------------------------------------- Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com -------------------------------------------- I've stopped 47,866 spam messages. You can too! Get your free, safe spam protection at http://www.cloudmark.com/spamnetsig/ -----Original Message----- From: Sean McCarthy [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 11:09 AM To: CF-Talk Subject: Http to Https Secure Transmission? Hi, We are about to rollout access to a Commerce 1 application server through single sign-on from the intranet. Will a SSL cert need to be on both ends to make the connection secure(the form submitting the Login/Pass and the C1 server)? I have received varying answers on this subject. Verisign says yes definitely. But then I look at sites like this: http://online.firstusa.com/bolHome.aspx?partner=fusacorp and the login page is non sol submitting to a sol page? Is this information sent in the clear? I assume so? Unless it is being encrypted before being sent? thanks for your input sean ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4