> I disagree. The password would be sent in the clear to the cgi script. At
> that point, it is too late to benefit from the SSL encryption; you might as
> well not have it.
> --
> Mark Thomas [EMAIL PROTECTED]
I think you misread the original post. Byron Wise says:
> Recently my company decided to put their login on the main
> page. This main
> page isn't secure. However the action attribute of the form
> tag does point
> to a secure cgi script that handles the username/password.
> What security
> risks if any are there with having this form on a non secure page?
So the username and password WILL BE USING a secure connection.
And the fact that the login page is not downloaded via SSL is IMHO
totaly unimportant. OK you could use SSL so that noone can spy on
that connection ... but what use would it be if anybody can look at
the page anyway?
Jenda
== [EMAIL PROTECTED] == http://Jenda.Krynicky.cz ==
: What do people think?
What, do people think? :-)
-- Larry Wall in <[EMAIL PROTECTED]>
_______________________________________________
Perl-Unix-Users mailing list. To unsubscribe go to
http://listserv.ActiveState.com/mailman/subscribe/perl-unix-users
