
[iaik-ssl] R: [iaik-jce] A doubt about HTTPS protocol and sessions



Ok,
thank you very much for your help!

Now all is clear to me...:-)


Regards,

           Luca

-----Original Message-----
From: iaik-jce-owner@iaik.at [mailto:iaik-jce-owner@iaik.at] On Behalf Of
Ronald van Kuijk
Sent: Saturday, 3 August 2002 20.19
To: "Luca Ventura"; "iaik-jce"; "iaik-ssl"
Subject: RE: [iaik-jce] A doubt about HTTPS protocol and sessions


Everything in the http protocol is encrypted: the URL, the cookie,
everything.

If you look at https as a layered protocol, SSL (the s in https) is
completely below http, so you can safely use cookies or url-rewriting to keep
a link to server-side session information.

Ronald

"Luca Ventura" <luca_vent@virgilio.it> wrote:

>Hello everybody!
>
>I have a doubt: are all the data sent using the HTTPS protocol secure? I
>mean... if I send a cookie (that is, a header of the request) using an HTTPS
>connection, is it encrypted or not? If it isn't encrypted and so is sent in
>plain text, it could be read by everyone, including users it isn't
>directed to!!! The problem is that sessions are implemented above all
>through cookies and I would like to be able to store important information
>in a session (like passwords and so on): if a cookie could be read easily it
>would be very dangerous to store important information in it, am I right?
>
>What happens if, instead of using cookies to implement sessions, I use the
>url-rewriting mechanism? In fact, in this case all the information stored in
>a session is not sent through cookies but is encoded in the url (like
>the session-id): so if I use the HTTPS protocol (so I use a url of the type
>"https://www.mydomanin.com/mysite.html?param1=value1&param2=value2&..."), is
>all the information encoded in the url protected and secure (because it
>is encrypted)? Or is it sent in plain text in any case?
>
>
>Thanks for your help in advance!
>
>
>Regards,
>
>                    Luca
>
>--
>Mailinglist-archive at
>http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html
>
>To unsubscribe send an email to listserv@iaik.at with the following content:
>UNSUBSCRIBE iaik-jce
>
>



--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the following content: UNSUBSCRIBE iaik-ssl
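
The layering described in the reply, with HTTP riding entirely inside SSL/TLS, shown as an added example that is not part of the original thread or of the IAIK libraries: Go's standard TLS stack runs over an in-memory pipe while a tap records the bytes a network observer would see. The request, its session id and the throwaway self-signed certificate are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Constructed request; path, parameter and session id are sample values.
const request = "GET /mysite.html?param1=value1 HTTP/1.1\r\nHost: localhost\r\n" +
	"Cookie: JSESSIONID=constructed-session-id\r\n\r\n"

type tap struct { // network observer: records every byte the client sends
	net.Conn
	wire bytes.Buffer
}

func (t *tap) Write(p []byte) (int, error) { t.wire.Write(p); return t.Conn.Write(p) }

// Observe returns the client's bytes as seen on the wire and the plaintext the server decrypted.
func Observe() (wire, plain []byte) {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway self-signed server certificate
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	cert, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	c, s := net.Pipe() // in-memory connection, no real network needed
	t, done := &tap{Conn: c}, make(chan []byte)
	go func() { // server: finish the handshake, then decrypt one request
		srv := tls.Server(s, &tls.Config{SessionTicketsDisabled: true, Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
		buf := make([]byte, len(request))
		io.ReadFull(srv, buf)
		done <- buf
	}()
	cli := tls.Client(t, &tls.Config{RootCAs: roots, ServerName: "localhost"})
	if _, err := cli.Write([]byte(request)); err != nil { panic(err) }
	return t.wire.Bytes(), <-done
}

func main() {
	wire, plain := Observe()
	fmt.Println("cookie on wire:", bytes.Contains(wire, []byte("JSESSIONID")), "| server got request:", string(plain) == request)
}
```

The handshake still carries the server name in clear text (SNI); the request line, query string, headers and cookie travel only as ciphertext.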