
[iaik-ssl] [iaik-jce] Is my session protected when I use HTTPS protocol?



Hi Luca,

SSL provides a transport encryption mechanism. So everything you send over
SSL is protected by the protocol. Yet, if you talk about "storing
information in your session", I get the idea you have some data like credit
card numbers stored e.g. in a server-side HttpSession object. Clearly, this
information is NOT encrypted by SSL, since it is stored beyond the
server-side end of the transport channel (typically in server memory). If
you wish to additionally secure this information, you have to do this on
your own.

Regards,
Stefan Knopp
CSC, Germany.

----- Forwarded by Stefan Knopp/PLZ/CSC on 06.09.2002 20:44 -----

From:     "Luca Ventura" <luca_vent@virgilio.it>
Sent by:  iaik-jce-owner
Date:     06.09.2002 16:35
To:       "iaik-ssl" <iaik-ssl@iaik.at>, "iaik-jce" <iaik-jce@iaik.at>
cc:
Subject:  [iaik-jce] Is my session protected when I use HTTPS protocol?

Hello everybody!

I have a doubt: is all the information I store in my session protected when
I use SSL or HTTPS protocol to send data?
I mean...if I put important information in the user's session (such as the
passwords and the credit card's numbers) am I sure
they are encrypted together with all other data I send? Or in any case the
information I put in the user's session is sent in clear text?

I hope someone can help me on this topic.

Thanks in advance!

                   Luca

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the following content:
UNSUBSCRIBE iaik-jce


