Thanks for the info.




>-----Original Message-----
>Submitting non-encrypted form data via XMLHTTP or 
ServerXMLHTTP is
>essentially the same as submitting regular form data in a 
non-encrypted
>fashion. What this means is that data submitted via 
XMLHTTP (or the Server
>equivalent in the case of the aforementioned article, 
820882) is simply
>passed via clear text using HTTP POST.
>
>So, in answer to your first question, one common way of 
encrypting the data
>is to use HTTPS. If your pages are HTTPS, the data you 
send will be
>encrypted.
>
>In answer to your second question, it is a security risk 
if the data you are
>passing is sensitive. For example, if you were to pass 
social security
>numbers or such using XMLHTTP (or the Server equivalent), 
just as you would
>with a normal HTTP POST operation using forms, you would 
most likely want to
>encrypt this data using SSL.
>
>Finally, note that XMLHTTP uses the client's browser 
settings to determine
>if data will be passed on an unencrypted channel (and 
will deny access as
>appropriate), whereas ServerXMLHTTP (as of MSXML 4.0 SP2, 
per 820882) uses
>the server settings to determine this (and will also deny 
access as
>appropriate).
>-- 
>
>
>     Dave Beauchemin
>     Microsoft MVP, MCP
>     www.webdotmag.com
>
>
>
>"juliemango@h..." 
<anonymous@d...> wrote in
>message news:416201c3cfa8$611669a0$7d02280a@p......
>> According to MS Knowledgebase article Q820882 all that 
is
>> necessary is to enabled the "Submit nonencrypted form
>> data" Internet security option to allow the POST command
>> to function properly.
>>
>> I have a few questions about this solution:
>>
>> 1. If it is apparently possible to send nonencrypted 
form
>> data, how do I send ENCRYPTED form data?
>> 2.  What are the implications of enabling this option?  
Am
>> I creating a security leak on my clients computer by
>> enabling this option?
>>
>> Any comments, tips, Knowledgebase article numbers would 
be
>> appreciated.
>>
>> Thanks.
>>
>
>
>.
>