Should login pages be secured (https)? A bank has a login page that has
account holders log in with their user ID and password on an unsecured (http)
page.
This goes to a secure site (https). A bank staff person told me that the log
in page need not be secure. Is that correct?
Thanks,
If you view the HTML, the form is probably being sent to the server
running SSL. You will see something like:
form action=https://blah.blah.com;
other form stuff here...
/form
As long as the form data is being sent via SSL, all of your form data is
secure.
Mason
Michael S. Altus
Definitely should be https.
Thank you,
Mark Snyder
-Original Message-
Should login pages be secured (https)? A bank has a login page that has
account holders log in with their user ID and password on an unsecured
(http) page.
This goes to a secure site (https). A bank staff person
On 7/19/07, Michael S. Altus [EMAIL PROTECTED] wrote:
Should login pages be secured (https)? A bank has a login page that has
account holders log in with their user ID and password on an unsecured
(http) page.
This goes to a secure site (https). A bank staff person told me that the
log
in page
I've been scouring security now podcasts for this info because I know it was
touched on. Alas, no go on finding it. I do remember however that they
had said that it is not uncommon for the front page to not show encryption,
but it will be because the page the information is going to IS
The initial pages protocol(http vs. https) does not matter. It is the
method with which the data is sent to the server when the user hits
submit. As long as the form specifies an action that points to an
address that begins with https, your data is secure. Nothing is passed
in the clear when
But I think the point that someone else made is really important.
Starting from a page that a layman can't visibly tell will be secure
doesn't help the general public know what is safe and what's not.
The end result of that ignorance ... which is promoted by this emerging
login technique ...
for the full discussion.
- TD
- Original Message
From: db [EMAIL PROTECTED]
To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Sent: Thursday, July 19, 2007 1:16:16 PM
Subject: Re: [CGUYS] Importance of secure login page
But I think the point that someone else made is really important.
Starting from a page