File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes a simple question about ssl Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "a simple question about ssl" Watch "a simple question about ssl" New topic

a simple question about ssl

Mahola Nawado

Joined: Dec 13, 2003
Posts: 8
I call a.jsp with http. In a.jsp, I have a link calling b.jsp with https. In b.jsp, I have a link calling c.jsp with http.
d1 = http request for calling b.jsp
d2 = http response which sends b.jsp
d3 = http request for calling c.jsp
d4 = http response which sends c.jsp
Which of d1, d2, d3, d4 are encrypted? Thanx...
Bruno Grossi

Joined: Mar 08, 2004
Posts: 3
I thing that d1 and d2 are encrypted.
Mahola Nawado

Joined: Dec 13, 2003
Posts: 8
thank you bruno... but isnt there anybody here who knows the answer of this question and sure about it..???
Mahola Nawado

Joined: Dec 13, 2003
Posts: 8
still waiting for an answer...
William Barnes
Ranch Hand

Joined: Mar 16, 2001
Posts: 986

The communications between a.jsp & b.jsp are secure, nothing else.

Please ignore post, I have no idea what I am talking about.
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
The data transmited through the 2 SSL endpoints are encrypted, since only a.jsp and b.jsp communicate using SSL (HTTPS), thus, only d1 and d2 are encrypted.
Sometimes, when you are browsing a site using SSL, there may be a pop up: "Now, you are going to read a page that is not protected by SSL", something like that, which means, the current page you are browsing is using SSL, however, the link you are clicking is NOT. And thus this message appears.

SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)
scott p laplante

Joined: Mar 12, 2004
Posts: 13
d1 through d4 would all have to be implemented over https as well, as other posters have said. any server-side includes when processing b.jsp would also (naturally, but mootly, as it's server-side) be secure.
I agree. Here's the link:
subject: a simple question about ssl
jQuery in Action, 3rd edition