It really depends what the page does. You could try installer a web debugger like Fiddler <http://fiddler2.com> or Charles<http://www.charlesproxy.com/>(or look at the network tab in Firebug or the Chrome inspector) to see exactly where the page transmits your information to.
Even if the username and password are transmitted securely, presumably there is some kind of ongoing session identifier being sent to & from your browser and the non-secure endpoint, in which case you may still be vulnerable to session hijacking. On Thu, May 3, 2012 at 10:39 AM, Brett Holden <[email protected]>wrote: > Is it safe to enter a password on a web page that is just http? > I've stumbled across a http page asking for my username and password. The > page itself is http but has a form posting to a https PHP page. I would > think the password gets sent in clear text but wanted to be sure. > > Cheers > Brett >
