Re: Encrypted or Not Encrypted
- From: Ray Van Dolson <rvandolson@xxxxxxxx>
- Date: Thu, 11 Sep 2008 16:10:28 -0700
On Thu, Sep 11, 2008 at 11:25:21AM -0700, amatachick@xxxxxxxxx wrote:
I've run into this issue a few times now and would like to know what
y'all think. Here is the situation: A website not using SSL has a
login page. As soon as credentials are entered on this page they are
redirected to a site using SSL. Here is a specific example of the
code on one such site:
<form name="loginpersonal" method="POST" action="https://secure.sitename.com/engine/login/login.asp"; onSubmit="return checkLoginForm(this);">
<input type=hidden name=IsPostback value=1>
Now, from what I understand, the login credentials would still be
unencrypted while traveling to the secure site. So that would negate
the effect of having it redirect to a secure site in the first place.
Right? I keep brining up this fact but all I get back is that it's
being redirected so it's secure. I feel like I'm taking crazy pills
here so I'd appreciate some feedback. Am I wrong? If I am I can
handle that, I'd just like to know. Thanks!
When the user clicks submit above, the POST request containing the
login information in the form is sent directly to the HTTPS URL in the
"action" field. Redirect wouldn't really be the correct term to use
here... you'd be talking directly to the HTTPS server from the moment
you submit the form in this case.
Ray
- Follow-Ups:
- RE: Encrypted or Not Encrypted
- From: Marco M. Morana
- RE: Encrypted or Not Encrypted
- References:
- Encrypted or Not Encrypted
- From: amatachick
- Encrypted or Not Encrypted
- Prev by Date: Re: Corporate policy question - Personal Laptops
- Next by Date: Re: Corporate policy question - Personal Laptops
- Previous by thread: RE: Encrypted or Not Encrypted
- Next by thread: RE: Encrypted or Not Encrypted
- Index(es):
Relevant Pages
|
