[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[iaik-ssl]cu|| [iaik-jce] Is my session protected when I use HTTPS protocol?
SSL provides a transport encryption mechanism. So everything you send over
SSL is protected by the protocol. Yet, if you talk about "storing
information in your session", I get the idea you have some data like credit
card numbers stored e.g. in a serverside HttpSession object. Clearly, this
information is NOT encrypted by SSL, since it is stored beyond the
serverside end of the transport channel (typically in server memory). If
you wish to additionally secure this information, you have to do this on
----- Forwarded by Stefan Knopp/PLZ/CSC on 06.09.2002 20:44 -----
Ventura" To: "iaik-ssl" <email@example.com>, "iaik-jce" <firstname.lastname@example.org>
@virgilio.it> Subject: [iaik-jce] Is my session protected when I use HTTPS
Sent by: protocol?
I have a doubt: is all the information I store in my session protected
I use SSL or HTTPS protocol to send data?
I mean...if I put important information in the user's session (such as the
passwords and the credit card's nummbers) am I sure
they are crypted together with all other data I send? Or in any case the
information I put in the user's session is sent in clear text?
I hope someone can help me on this topic.
Thanks in advance!
To unsubscribe send an email to email@example.com with the folowing content:
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
To unsubscribe send an email to firstname.lastname@example.org with the folowing content: UNSUBSCRIBE iaik-ssl