[iaik-ssl] Re: [iaik-jce] A doubt about HTTPS protocol and sessions
thank you very much for your help!
Now all is clear to me...:-)
From: firstname.lastname@example.org [mailto:email@example.com] On behalf of
Ronald van Kuijk
Sent: Saturday 3 August 2002 20.19
To: "Luca Ventura"; "iaik-jce"; "iaik-ssl"
Subject: RE: [iaik-jce] A doubt about HTTPS protocol and sessions
Everything in the http protocol is encrypted, the URL, the cookie
If you look at the https in as layered protocol, SSL (the s in https) is
al link to server-side session information.
"Luca Ventura" <firstname.lastname@example.org> wrote:
>I have a doubt: are all the data sent using HTTPS protocol secure? I
>mean...if I send a cookie (that is an header of the request) using a HTTPS
>connection is it crypted or not? If it isn't crypted and so it is sent in
>plain text it could be read by everyone, including the users that it isn't
>directed to!!! The problem is that sessions are implemented above all
>through cookies and I would like to be able to store important information
>in a session (like password and so on): if a cookie could be read easily it
>would be very dangerous to store important information in it, am I right?
>What happens if instead of using cookies to implement sessions I use
>url-rewriting mechanism? In fact in this case all the information stored in
>a session are not sent through cookies but they are encoded in the url
>the session-id): so if I use HTTPS protocol (so I use an url of the type
>all the information encoded in the url protected and secure (because they
>are encrypted)? Or they are sent in plain text in any case?
>Thanks for your help in advance!
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
To unsubscribe send an email to email@example.com with the following content: UNSUBSCRIBE iaik-ssl
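
The layering discussed in this thread, as an added example that is not part of the original messages and not IAIK code: an HTTP request carrying the session id both in a cookie and URL-rewritten is handed to the SSL/TLS layer, and a tap on the connection records what a passive observer would see. It uses Go's standard crypto/tls instead of the IAIK library; the host shop.example, the path, the session id and the throwaway certificate are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Constructed request: the session id travels in a cookie and, URL-rewritten, in the path.
const request = "GET /cart;jsessionid=S3CR3T HTTP/1.1\r\nHost: shop.example\r\nCookie: JSESSIONID=S3CR3T\r\n\r\n"

// tap plays a passive observer: it keeps a copy of every byte the client puts on the wire.
type tap struct {
	net.Conn
	wire bytes.Buffer
}

func (t *tap) Write(p []byte) (int, error) { return io.MultiWriter(&t.wire, t.Conn).Write(p) }

// Observe sends request over TLS and returns the client's wire bytes and the server's plaintext.
func Observe() ([]byte, string, error) {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway key and certificate for shop.example
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"shop.example"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	leaf, err := x509.ParseCertificate(der) // also fails if creation above failed
	if err != nil {
		return nil, "", fmt.Errorf("test certificate: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	c, s := net.Pipe() // in-memory stand-in for the network
	t := &tap{Conn: c}
	go tls.Client(t, &tls.Config{RootCAs: roots, ServerName: "shop.example"}).Write([]byte(request))
	srv := tls.Server(s, &tls.Config{SessionTicketsDisabled: true,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	plain, err := io.ReadAll(io.LimitReader(srv, int64(len(request)))) // TLS layer decrypts for HTTP
	return t.wire.Bytes(), string(plain), err
}

func main() {
	wire, plain, err := Observe()
	fmt.Println("secret on wire:", bytes.Contains(wire, []byte("S3CR3T")), "server got it:", plain == request, err)
}
```

The server end recovers the request byte for byte, while the recorded wire bytes contain neither the request line nor the Cookie header.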