(slightly OT?): confirmation needed

Anon

Hello all,

it might be a little offtopic but I need some confirmation whether my thoughts are correct:

Via PHP I include a remote http_s_ site and with a querystring I add some paramters to it:

include("https://www.securesite.com/index.php?this=is&not=secure_right");

These parameters are sent unencrypted to securesite.com, correct? From the point on where securesite.com sends a response, everything (both directions) is encrypted as long as I keep walking on https ground, right?
Or is always just the response "server --> client" encrypted?

Thanks in advance,

Dominique Stender

[deleted]

As far as I know (and it sounds pretty logical to me) the encryption should work in both directions.

Anon

Yeah, that's how I understood the principal as well. However the first request (and with it the parameters) gets through unencrypted?

Dominique

[deleted]

I should think so.