[nycphp-talk] sessions and application security
Chris Shiflett
shiflett at php.net
Tue Jan 27 13:44:13 EST 2004
--- charlie derr <cderr at simons-rock.edu> wrote:
> or maybe there's a more insidious problem of some headers of an
> https session being sent cleartext (if this is the case I certainly
> wasn't aware of it previously)
This is not the case. SSL lies between TCP and HTTP, so that everything at
the HTTP level is protected. If that makes no sense, just know that the
entire HTTP request and corresponding respnse is protected with SSL.
Hope that helps.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/
More information about the talk
mailing list