SSL: at what point is data encrypted?
I want to use SSL to support encrypted data transmission of credit card data, but in testing my pages they load VERY slowly. My pages are graphics heavy, and that isn't likely to change.
What I want to know is this: WHAT PRECISELY is required to get the POSTed credit card data SSL encrypted? What initiates the data encryption?
Here's my current flow:
Page 1: mypaymentform.php
contains a form
<form action=mysendpayment.php>
<input type=text name=creditcard>
</form>
Page 2: mysendpayment.php
<? handlecreditcard($_POST['creditcard])
echo "THANK YOU!"
?>
Currently my flow works like this:
httpS ://mydomain/mypaymentform.php
and I change <form action=mysendpayment.php>
to: <form action=httpS ://mydomain/mysendpayment.php>
Are BOTH these httpS calls needed for encryption?
Would I still encrypt the cc data thusly:
httP://mydomain/mypaymentform.php
and in mypaymentform.php:
<form action=httpS ://mydomain/mysendpayment.php>
?
Suppose I said in mysendpayment.php
<? handlecreditcard($_POST['creditcard])
header(Location:httP ://mydomain/thankyoupage.php);
?>
(This would cause page to redirect to a NON-SSL page immediately after creditcard processing). Would creditcard still be encrypted by SSL?
Thanks.
Nemo
