Secure (SSL) Connections (aka Protecting Code)

Mark Brownell gizmotron at earthlink.net
Sat Apr 24 16:58:33 EDT 2004


On Saturday, April 24, 2004, at 12:22  PM, Dreamscape Software 
Webmaster wrote:

> Alright, if I just connect with the "get url" command to a secure 
> server, is
> the connection secure?  Ex:  get url
> https://process.somecreditcard.com/process.cgi
>
> Derek Bump
> Dreamscape Software

Derek

Sorry. I wish it were that easy. The problem is the server at 
"https://process.somecreditcard.com" might be secure but the data you 
want to send to it won't be in a rev app. The way it works is like 
this: Your browser uses a key that is used to encrypt data that you 
send to that server from a secure website form or similar process 
during send or post. What's important is protecting your personal data 
as it is passed to the secure server. Keys can be registered with 
Verisign. It would be pointless if everyone used the same encryption 
key to protect their important data. This is a great thing that 
Verisign did.

Now if you control the server you can send it any encrypted data with 
your own secret decoder ring encryption. You of course would have your 
own key to decrypt it with.

Hope that helps,

Mark



More information about the use-livecode mailing list