Re: is this webpage secure?

From: Dr Balwinder Singh Dheeman (bsd.SANSPAM_at_sebs.org.in)
Date: 11/29/05 

Date: Tue, 29 Nov 2005 23:26:32 +0530

Proteus wrote:
> I am told by people in charge at the campus where I teach that this login
> page is secure, that the form login info (username, password) is secure
> when sent. But the browser page (Firefox, Mandriva Linux) info says the
> page is not encrypted, not secure. Can someone clarify how such a login
> page can securely transmit the login info? Link to login page is below:
> http://www.lsc.edu/Online/VirtualCampusLogin.cfm

No, I don't think; you are sending clear text data via _http_ (port 80),
where as URL's for secure pages send encrypted data via _https_ (http
via ssl, port 443).

You can verify/confirm it by capturing data on port 80 and, or 443 with
help of tcpdump(8) and, or ethereal(1). 

-- 
Dr Balwinder Singh Dheeman            Registered Linux User: #229709
CLLO (Chief Linux Learning Officer)   Machines: #168573, 170593, 259192
Anu's Linux@HOME                      Distros: Ubuntu, Fedora, Knoppix
More: http://anu.homelinux.net/~bsd/  Visit: http://counter.li.org/

Relevant Pages

  • Re: Is .NET Passport credential traffic secure?
    ... my point is that you must FIRST establish a secure connection to ... user instead of making the login page itself secured with SSL so the ... The "Sign In" page at eBay submits the form data ... HTTPS site: Allowing the site to generate the HTML content in the page ...
    (microsoft.public.security)
  • Re: Ace Password Sniffer : How does it work ?
    ... >> Another protocol that offers same is IPSec. ... >> authentication and secure transfer of data between server and client ... >> would be pretty hard to use SSL to secure data exchanged between ... Once you are done with the secured login, ...
    (microsoft.public.security)
  • Re: is this webpage secure?
    ... > page is secure, that the form login info is ... you are sending clear text data via _http_ (port ...
    (comp.os.linux.security)
  • LOGIN INFO secure at wwww.americanexpress.CA?
    ... secure page which causes the lock symbol to be displayed in the status ... That is the difference which caused the login page ... even though the page itself is not https. ... of a lock in the login region. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: How do I protect my login page from prying eyes (forms authentication)?
    ... Sure, do this if you want to, but I'd rather devote time and energy to making my site secure even if someone discovers the "protected" site. ... Once it's out in the open (and if it's believed the contents are high valued, and people suspect that you've hidden the login page as a security measure), you may be *more* likely to be attacked. ... This means that when the site owner prints an invoice, the URL of this page will be shown in the footer. ...
    (microsoft.public.dotnet.framework.aspnet)