Author: Kevin P. Fleming
Date:
CC: exim-users
Subject: Re: [Exim] Secure email->Webmail transaction question

Nico Erfurth wrote:
> > Keep in mind that SSL security on a web site (https) is one-way secure; only
> > data from the client to the web server is encrypted, I believe. The data coming
> > back from the web server is unencrypted, which is why any good secure commerce
> > site never displays your credit card number back to you (at least not the
> > complete number).
>
>
> HU?
>
> Nope, the whole transaction is encrypted; the complete number is not
> shown because of caching on the client-side.
I could very well be mistaken, but I was sure that the encryption only happened
on the client end (i.e. the server only decrypted, never encrypted). I don't
think caching has much to do with it; the web sites just don't send the full
number back on the "order complete" page. I always thought they did that because
it wasn't encrypted, but maybe it's just because they want to be extra careful
with that information.