Couple of techno questions

This WebDNA talk-list message is from

1999


It keeps the original formatting.
numero = 23931
interpreted = N
texte = Hello all, I've got two questions that have come up recently that I would like the list's help with. First, I'm having a debate with a client that the page that a cc number is entered (invoice.tpl) doesn't necessarily need to be served via ssl, so long as the page it submits to is served via ssl. My contention is that since http is 'sessionless' in the sense that once you've downloaded the page you are no longer connected to the server, then typing your cc number into a page that is not encrypted poses no security risk. It's the request for the next page (thankyou.tpl) that is the issue. Once you hit the submit button, the client attempts to connect to the https server. The data is then sent to the https server through an encrypted connection. Therefore, it is not essential that invoice.tpl is encrypted, as long as thankyou.tpl is. Am I correct or am I misunderstanding how http sessions operate? Second, I'm having trouble with a client who's entire LAN is using NAT to connect to the internet through one IP address. They are seeing each other's orders from different machines Is there an easy way to fix this? With the SOHO and NAT becoming more prevalent these days, do we need to start depending on cookies to track users?Thanks, Mike Davis Associated Messages, from the most recent to the oldest:

    
  1. Re: Couple of techno questions (Kenneth Grome 1999)
  2. Couple of techno questions (Mike_Davis 1999)
  3. Couple of techno questions (Mike_Davis 1999)
  4. Couple of techno questions (Mike_Davis 1999)
Hello all, I've got two questions that have come up recently that I would like the list's help with. First, I'm having a debate with a client that the page that a cc number is entered (invoice.tpl) doesn't necessarily need to be served via ssl, so long as the page it submits to is served via ssl. My contention is that since http is 'sessionless' in the sense that once you've downloaded the page you are no longer connected to the server, then typing your cc number into a page that is not encrypted poses no security risk. It's the request for the next page (thankyou.tpl) that is the issue. Once you hit the submit button, the client attempts to connect to the https server. The data is then sent to the https server through an encrypted connection. Therefore, it is not essential that invoice.tpl is encrypted, as long as thankyou.tpl is. Am I correct or am I misunderstanding how http sessions operate? Second, I'm having trouble with a client who's entire LAN is using NAT to connect to the internet through one IP address. They are seeing each other's orders from different machines Is there an easy way to fix this? With the SOHO and NAT becoming more prevalent these days, do we need to start depending on cookies to track users?Thanks, Mike Davis Mike_Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

emailer setup (1997) same products but different (1998) WebCat hosting sites? (1998) Help! WebCat2 bug (1997) shownext in Another Users.db (2000) Search a date field by month only... (1999) Summing fields (1997) RE: Automatic Forwarding using WebCat (1997) WebCat2b13MacPlugIn - [include] doesn't allow creator (1997) b12 cannot limit records returned and more. (1997) Ok here is a question? (1997) Conveting Characters to Graphics (1997) ssl and invoic.tpl and back bttn (2002) [WebDNA] Error 500 with SUMM=T (2017) WC2.0 Memory Requirements (1997) FEW QUESTIONS (1997) WebCat2b12--[searchstring] bug (1997) WebCat2b15MacPlugin - [protect] (1997) Generating Report Totals (1997) Multiple 'Users.db' files not possible (1997)