If I submit an HTTPS URL form from an HTTP URL, will the form data be encrypted?

Question

If I submit an HTTPS URL form from an HTTP URL, will the form data be encrypted?

I am going to encrypt the login form on my website and I was wondering if I need to register the user in the login form at the HTTPS URL, or can the form data be sent to the HTTPS url from the HTTP URL and still be encrypted?

+4

ssl https

Tom Jun 25 '10 at 6:38

source share

2 answers

Yes, the login data is encrypted, but there is no obvious way to find out about this. It also leaves users open to a man-in-the-middle attack , because an attacker can simply change where the form messages are.

For a site that really needs security, it is highly recommended that you require https on any login page.

+3

Robert Jun 25 '10 at 7:41

source share

EMP · Accepted Answer · 2010-06-25T06:40:23+0000

Yes, it will be encrypted. The URL of the page from which the form is submitted does not matter, only the destination URL of the form.

It should be noted, however, that some browsers (at least IE 6) will warn the user when submitting a secure form from an insecure page. Why this requires a warning and what the user should do with it, I have no idea, but it can confuse people (if they bothered to read the warning).

If I submit an HTTPS URL form from an HTTP URL, will the form data be encrypted?

More articles: