I have an asp page that is displayed under https because it contains sensitive information. In the page code I need to do a server.transfer in order to pass data from the original page to go to a processing page, run some stored procedures that do some database updates and from there redirect to another page. The code works fine, but I'm worried about security. The question I have is using server.transfer from an https page secure method of data transfer. It seems it would be secure since the transfer is done on the server and there is no round trip to the browser. The reason I ask is when the original page is submitted, I get a dialog box (only from IE) telling me it is passing both secure and non secure data. Again, this dialog doesn't happen in firefox or safari. If anyone knows why using the server.transfer would not be secure I would appreciate knowing about it and why. Thanks tom
do you have page stats tracking? maybe its a javascript thats external - an http instead of an https?
it could also be an image or css file within the page that you are calling with http:// instead of https://
server.transfer does transfer internally to a page on server side without making a trip to browser and changing url in clients browser