i have a HTTP page with a form, if a set the action to a HTTPS page, is this secure?, the browser process all tha data before send it to the net?? or should i use HTTPS for my entire site??
+7
A:
Yes, it'll be secure if the location your form is posting to is HTTPS.
Users, however, may freak out that there's no lock icon in their browser on the page with the form. You may be better off from a usability standpoint having both pages be HTTPS.
ceejayoz
2010-10-20 13:32:46
+1
A:
If you set action to HTTPS this will indeed be secure. Before anything can happen over HTTPS a handshake has to occur, and the browser sending the data will have to do this when the action occurs.
m.edmondson
2010-10-20 13:33:20
+2
A:
Yes. As long as the request that needs to be secure is https, you're good.
That being said, many key sites, including gmail, have stopped bothering carving off small sections of their site to be https and just made their whole site https. It's easier and safer, and you lose little in the way of performance.
Scott Stafford
2010-10-20 13:33:40
+2
A:
The actual data transfer from your form to the server is encrypted when posting over HTTPS. If that is what you mean by secure, then yes, it is secure.
I think what you are getting at in your question is, what about client-side stuff reading the form prior to post. That is certainly possible, HTTPS or not.
On another note though, you should probably use HTTPS for the actual form. Some browsers warn users as their posts are redirected over the HTTP/HTTPS boundary. Plus, I don't think your users will be happy filling out a form where there is no secure icon showing.
Brad
2010-10-20 13:34:21