The initial page's protocol (http vs. https) does not matter. It is the method with which the data is sent to the server when the user hits submit. As long as the form specifies an action that points to an address that begins with https, your data is secure. Nothing is passed in the clear when sending a request (or submitting a form) to a server via SSL (https).

Mason

John DeCarlo wrote:
On 7/19/07, Michael S. Altus <[EMAIL PROTECTED]> wrote:

Should login pages be secured (https)? A bank has a login page that has
account holders log in with their user ID and password on an unsecured
(http) page. This goes to a secure site (https). A bank staff person told
me that the log in page need not be secure.  Is that correct?


It depends on what you are protecting against.

Interestingly, in practice most sites have the login page as HTTPS.  The
reason is that with an HTTP login page, the user ID and password are being
passed in the clear from your PC to the web site.  So anyone looking at
network traffic can get your username and password easily.

Even GMail has an HTTPS login page and then sends you to regular HTTP for
doing your email. The same is true for Yahoo mail and probably many other
otherwise non-protected sites.

I would think a financial institution would be more careful.  All the
financial institutions I use have the HTTPS login page as well as every
other page.
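
The case discussed in this thread, as an added example that is not part of the original messages: a Python check that, given a page URL and its HTML, reports for each login form whether the submission goes to an https target and whether the form itself was delivered over https. The host `bank.example` and the sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormFinder(HTMLParser):
    """Collects the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []          # actions of forms that have a password field
        self._action = ""          # action of the form currently open
        self._in_form = False
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form, self._has_password = True, False
            self._action = a.get("action") or ""
        elif tag == "input" and self._in_form:
            if (a.get("type") or "").lower() == "password":
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            if self._has_password:
                self.actions.append(self._action)
            self._in_form = False

def audit_login_page(page_url, html):
    """Return one finding per login form found in the page."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    page_https = urlsplit(page_url).scheme == "https"
    findings = []
    for action in finder.actions:
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, action)
        findings.append({
            "target": target,
            # True: the credentials travel inside TLS when the form is submitted.
            "submission_encrypted": urlsplit(target).scheme == "https",
            # False: the HTML, action attribute included, arrived without TLS
            # integrity protection, so the browser cannot vouch for the target.
            "form_delivered_over_https": page_https,
        })
    return findings

# Constructed sample: the bank page from the question (http page, https action).
SAMPLE = ('<form method="post" action="https://bank.example/login">'
          '<input name="u"><input type="password" name="p"></form>')
```

`audit_login_page("http://bank.example/", SAMPLE)` reports an encrypted submission from a form that was not delivered over https, which are the two separate properties the replies above are weighing.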


