SSL on only PART of a page??


LiqwidGrant
09-15-2005, 06:13 PM
Does anyone know how it is possible to add SSL to only part of a page?

What I mean is that if you go to banks' websites, they have a login form right on the home page even though it's just HTTP and not HTTPS. Yet, they say this:

"
Ensuring the security of your personal information online is a top priority for us. When you sign in to Online Banking on our home page, your ID and passcode are secure.

The moment you click Sign In and before your ID and passcode leave your computer, we encrypt them using Secure Sockets Layer (SSL) technology. That means only Bank of America has access to your ID and passcode.
"

How can I do this? I am designing a site for a local bank and I would like to have the online banking sign in form on the home page.

Thanks
-Grant

mcdougals4all
09-15-2005, 06:56 PM
The page containing the <form> itself may be on a regular http connection. The page or script that processes the submitted information is where the secure connection is necessary.

So the form tag would look something like this:
<form method="post" action="https://yourdomain.com/form_processing_script.php">
Alternately, you could simply force all site traffic through the secure connection (via .htaccess) but it can be noticeably slower.

LiqwidGrant
09-16-2005, 05:54 AM
So when they say this: "The moment you click Sign In and before your ID and passcode leave your computer", there is no fancy extra coding. They're just doing what you said? Sorry to be redundant, I just want to make sure before I present this idea to the bank.

Thanks.

mcdougals4all
09-16-2005, 07:55 PM
Here's how I would go about what you're wanting to do. For the main pages of the site (the ones not requiring a secure connection) simply code them as you normally would.

Then create a directory to contain any pages which will process or display sensitive information. The script or page that processes information submitted from the login form will also be in this directory. The page with the login form itself does not need to be in this directory but must have the action attribute set to the absolute https:// URL of the processing script. Once the form is submitted the server and client will have established a secure connection.

In this secure directory, use an .htaccess file to force all traffic through https. (This actually shouldn't be an issue if the directory is only accessible after logging in, but you don't want someone typing what should be a secure URL into their address bar without the https.)

# NON-SECURE TO SECURE
RewriteEngine On
# Any request that did not arrive on port 443 is redirected
RewriteCond %{SERVER_PORT} !^443$
# $1 is the path relative to this directory, so the requested page is kept
RewriteRule ^(.*)$ https://www.yourdomain.com/secure_directory/$1 [R=301,L]

At this point, if a visitor navigates out of the secure directory, they will still be connecting via https, which will slow down page loading. Again using an .htaccess file, we can specify that the connection must be straight http for any pages outside the secure directory. This .htaccess file would go in your public root directory.

# SECURE TO NON-SECURE, WHEN LEAVING SECURE DIRECTORY
RewriteEngine On
# Only requests that arrived on port 443 are redirected
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]

The combination of these two files basically tells the browser "Connect through http by default. If in the secure directory, then connect through https".