I disagree. The password would be sent in the clear to the cgi script. At
that point, it is too late to benefit from the SSL encryption; you might as
well not have it.
--
Mark Thomas [EMAIL PROTECTED]
Sr. Internet Architect User Technology Associates, Inc.
$_=q;KvtuyboopuifeyQQfeemyibdlfee;; y.e.s. ;y+B-x+A-w+s; ;y;y; ;;print;;
> -----Original Message-----
> From: Meier, Josh [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 06, 2001 3:21 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [Perl-unix-users] Login Security
>
>
>
> There are no security risks involved with doing that, as its
> just a form, it
> doesn't actually process the login.
>
> -----Original Message-----
> From: byron wise [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 06, 2001 12:00 PM
> To: [EMAIL PROTECTED]
> Subject: [Perl-unix-users] Login Security
>
> Recently my company decided to put their login on the main
> page. This main
> page isn't secure. However the action attribute of the form
> tag does point
> to a secure cgi script that handles the username/password.
> What security
> risks if any are there with having this form on a non secure page?
>
> byron
>
>
> "When you sell a man a book, you don't sell him 12 ounces of
> paper and ink
> and glue - you sell him a whole new life." - Christopher Morley
>
> "Thanks O'REILLY." - Me
>
>
>
>
>
> _______________________________________________________
> Send a cool gift with your E-Card
> http://www.bluemountain.com/giftcenter/
>
>
> _______________________________________________
> Perl-Unix-Users mailing list. To unsubscribe go to
> http://listserv.ActiveState.com/mailman/subscribe/perl-unix-users
> _______________________________________________
> Perl-Unix-Users mailing list. To unsubscribe go to
> http://listserv.ActiveState.com/mailman/subscribe/perl-unix-users
>
_______________________________________________
Perl-Unix-Users mailing list. To unsubscribe go to
http://listserv.ActiveState.com/mailman/subscribe/perl-unix-users
