Re: Internet Explorer SSL encoding

From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 10/10/02


From: "S. Pidgorny [MVP]" <slavickp@yahoo.com>
Date: Thu, 10 Oct 2002 19:44:01 +1000


If the action is an https: URL, POST data will be sent over a secure connection.
Make a traffic capture to make sure and use that as proof. I'd love to see
comments from the security company (btw is that one of the Big 5 audit
firms?).

Sometimes "security companies" are rather disappointing. Yes, some people
called "security experts" or "security consultants" truly believe that you
can post securely from a page that is delivered over a secure channel.
That's rubbish.

If you need any help, let us know.

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"Jon Keeney" <jon_keeney@itsolutionstx.com> wrote in message
news:9db501c26f22$72d41cb0$35ef2ecf@TKMSFTNGXA11...
> I have a web page at an http address.  On this web page, I
> have a form that uses the post method to send a username
> and password to a secure script using action="https://
>
> A security company is telling my customer, a bank, that
> the data sent is not encrypted and is not secure.
>
> It is my understanding that there is communication between
> IE and the https server before any data is sent and then
> the data is encrypted.  Is this correct?
>
> I need a thorough discussion on why this is true or not
> true because of Banking rules and regulations.  I am
> technically capable of understanding a well thought out
> reply.
>
> Thanks

