It is better from a security point of view to have a secure login. The secure 
server encrypts the data between the browser and the server, making it 
impossible to read on its journey from you to the server.

However whether it is a major security  problem is another question. To view 
the traffic somebody must have access to the servers that route your request, 
which isn't easy. They then have to spot your traffic amongst all the other web 

If it is the login for your Swiss bank account where you hid the million you 
made without declaring tax then it should be secure - no question. On the other 
hand if it is just to login to see when your books will be delivered, with no 
sensitive financial information then the risk is smaller and it is unlikely 
that anyone is trying too hard to get your login, so an insecure login carries 
less risk. 

You could always host the login page on a non secure server but post the form 
to a secure server.


> -----Original Message-----
> From: Micah Stevens [mailto:[EMAIL PROTECTED]
> Sent: 17 January 2005 02:46
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Security Question
> If it submits to a secure server the form data will be encrypted before 
> transmission I believe. At least that's my understanding, and 
> that seems to 
> be how ebay does it for example. Once you log-in, it submits to a secure 
> page. 
> -Micah 
> On Sunday 16 January 2005 06:38 pm, Chris Payne wrote:
> > Hi everyone,
> >
> >
> >
> > I have a security question, I want to see if I am right or 
> wrong.  I have
> > programmed a system with PHP and MySQL, the main system resides 
> on a secure
> > server, but the client wants the login page on a NON-Secure server for
> > marketing purposes.  Am I the only one who thinks this is a 
> major security
> > concern?
> >
> >
> >
> > Chris
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to