Aaron Turner wrote: > 2009/6/8 P�l Bergstr�m <[email protected]>: >> >> A general question regarding SSL and login. Does it matter if a login >> form is not passed through SSL when sent to the user browser but the >> post action is? Will the password be sent through SSL in this case? > > Both need to be wrapped in SSL for proper security. If the form is > not SSL then people can do MITM attacks (among others) to get the > username/password sent to the wrong server. > Besides that, users expect to see the lock (and https) on the page with the login form. I'd be leery of any site that contained a username/password that was not contained within a secure page. Plus there's no good reason not to secure the login form's page. -- Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
