If I'm trying to secure my login method. From an unsecured server the user enters their login credentials into a standard HTML form, which is POSTing to a script on a secure server. This script does all the necessary login functions, and sends the user back to the insecure server.
My question boils down to this: Is the login information encrypted through SSL before it is POSTed to the secure server, therefore preventing any man-in-the-middle packet sniffing. Or is everything still being sent in the clear, and the form doing the POSTing has to be hosted on the secure server as well?
Thanks