Originally posted by Cindy Glass:
If I display a JSP page in a browser, and the user enters all sorts of confidential information in a text area, the data has to pass from the Browser (which may be in Europe) over to the server (which for us is in the US) before the servlet can process it.
What keeps others from being able to capture that input before it gets to the server? Is there any processing that happens on the BROWSER side before the data is shipped halfway around the world??
If the URL to which the browser is supposed to send the HTML form is labeled with "https://", the browser performs an SSL "handshake" with the target server to authenticate it (to make sure that the server is who it claims to be). After a successful authentication, the browser encrypts the data being sent to the server and pushes it through the network. The web server receives the encrypted data, decrypts it and passes it on to the application code for processing.
So your information (the form values) is secured all the way between the browser and the web server.
[ March 20, 2003: Message edited by: Lasse Koskela ]
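The protection described in the reply above only applies when the form is actually submitted to an "https://" URL. As an added example (not code from either poster), a servlet filter can refuse form data that arrived over plain HTTP. The class name `RequireHttpsFilter` is hypothetical, and the redirect assumes HTTPS is served on the default port 443 of the same host.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: lets a request reach the servlet/JSP only if it came in over SSL/TLS. */
public class RequireHttpsFilter implements Filter {

    public void init(FilterConfig config) throws ServletException { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // isSecure() reports whether the container received this request over HTTPS.
        if (request.isSecure()) {
            chain.doFilter(req, res);
            return;
        }

        String method = request.getMethod();
        if ("GET".equals(method) || "HEAD".equals(method)) {
            // No form body has been sent yet, so send the browser to the HTTPS
            // URL of the same page (assumption: same host, default port 443).
            StringBuffer target = new StringBuffer("https://")
                    .append(request.getServerName())
                    .append(request.getRequestURI());
            if (request.getQueryString() != null) {
                target.append('?').append(request.getQueryString());
            }
            response.sendRedirect(target.toString());
            return;
        }

        // A POST over plain HTTP has already crossed the network unencrypted.
        // Reject it so the application never treats that data as protected.
        response.sendError(HttpServletResponse.SC_FORBIDDEN,
                "This form must be submitted over HTTPS");
    }
}
```

The filter is mapped to the form's URL pattern in `web.xml`; the declarative equivalent is a `<security-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>`. If SSL is terminated on a proxy in front of the container, `isSecure()` reflects only the proxy-to-container hop.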