1

i was under the impression if you had a page with a form, the page would have to include a url with https as well as the page after the form has submitted.

is this true?

i've just tried it out on a page with a http sign-in page and then a https and the data is all encrypted?

Tom
  • 419
  • 1
  • 5
  • 7

4 Answers4

3

Only the destination URL that you submit the form to needs to use HTTPS in order to have the information encrypted during transmission.

However, as described here, it's safer to encrypt the form page using HTTPS as well.

Community
  • 1
  • 1
newdayrising
  • 3,762
  • 4
  • 27
  • 31
0

No, the submitted data of html forms is not automatically encrypted via https.

kohlehydrat
  • 503
  • 1
  • 3
  • 19
  • can you elaborate on this? so how does one use http and then https to encrypt? rather than https and https? – Tom Feb 07 '11 at 21:29
0

In general, this is not true. You can do all kinds of form submissions without even touching https.

khr055
  • 28,690
  • 16
  • 36
  • 48
0

For users, it's better to have the form and the submission both be https. This allows the user to verify the security of the site before sending their data. If you submit a form on a site that starts as https and then drops it, they would receive an alert that they are leaving a secure area and decide if they still want to send their data.

However, there is no technical requirement preventing a form on http to be sent to an https site or any site, so it's possible to have the form as http, just not advisable.

BMitch
  • 231,797
  • 42
  • 475
  • 450