[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Global Namespaces
- Subject: Re: Global Namespaces
- From: Chris Travers <..hidden..>
- Date: Sat, 13 Mar 2010 17:34:14 -0800
On Sat, Mar 13, 2010 at 5:21 PM, Luke <..hidden..> wrote:
> I am assuming SSL. Correct me if I am wrong, but my recollection is that
> the query string (I.E. get) is in the clear with SSL, whereas post data is
> not.
> Do I have a fundimental misunderstanding or massive brain fart here?
The SSL negotiation occurs as part of the socket establishment (hence
the name). This is why you can't supply different certificates based
on, say, the HOST header. SSL protects the whole socket, not just the
payload.
Best Wishes,
Chris Travers