[CGUYS] Importance of secure login page

2007-07-19 Thread Michael S. Altus
Should login pages be secured (https)? A bank has a login page that has account holders log in with their user ID and password on an unsecured (http) page. This goes to a secure site (https). A bank staff person told me that the log in page need not be secure. Is that correct? Thanks,

Re: [CGUYS] Importance of secure login page

2007-07-19 Thread Mason Miller
If you view the HTML, the form is probably being sent to the server running SSL. You will see something like: form action=https://blah.blah.com; other form stuff here... /form As long as the form data is being sent via SSL, all of your form data is secure. Mason Michael S. Altus

Re: [CGUYS] Importance of secure login page

2007-07-19 Thread Snyder, Mark
Definitely should be https. Thank you, Mark Snyder -Original Message- Should login pages be secured (https)? A bank has a login page that has account holders log in with their user ID and password on an unsecured (http) page. This goes to a secure site (https). A bank staff person

Re: [CGUYS] Importance of secure login page

2007-07-19 Thread John DeCarlo
On 7/19/07, Michael S. Altus [EMAIL PROTECTED] wrote: Should login pages be secured (https)? A bank has a login page that has account holders log in with their user ID and password on an unsecured (http) page. This goes to a secure site (https). A bank staff person told me that the log in page

Re: [CGUYS] Importance of secure login page

2007-07-19 Thread mike
I've been scouring security now podcasts for this info because I know it was touched on. Alas, no go on finding it. I do remember however that they had said that it is not uncommon for the front page to not show encryption, but it will be because the page the information is going to IS

Re: [CGUYS] Importance of secure login page

2007-07-19 Thread Mason Miller
The initial pages protocol(http vs. https) does not matter. It is the method with which the data is sent to the server when the user hits submit. As long as the form specifies an action that points to an address that begins with https, your data is secure. Nothing is passed in the clear when

Re: [CGUYS] Importance of secure login page

2007-07-19 Thread db
But I think the point that someone else made is really important. Starting from a page that a layman can't visibly tell will be secure doesn't help the general public know what is safe and what's not. The end result of that ignorance ... which is promoted by this emerging login technique ...

Re: [CGUYS] Importance of secure login page

2007-07-19 Thread Ted Dickerson
for the full discussion. - TD - Original Message From: db [EMAIL PROTECTED] To: COMPUTERGUYS-L@LISTSERV.AOL.COM Sent: Thursday, July 19, 2007 1:16:16 PM Subject: Re: [CGUYS] Importance of secure login page But I think the point that someone else made is really important. Starting from a page