Re: is this webpage secure?

From: Dr Balwinder Singh Dheeman (bsd.SANSPAM_at_sebs.org.in)
Date: 11/29/05


Date: Tue, 29 Nov 2005 23:47:50 +0530

Dr Balwinder Singh Dheeman wrote:
> Proteus wrote:
>
>> I am told by people in charge at the campus where I teach that this login
>> page is secure, that the form login info (username, password) is secure
>> when sent. But the browser page (Firefox, Mandriva Linux) info says the
>> page is not encrypted, not secure. Can someone clarify how such a login
>> page can securely transmit the login info? Link to login page is below:
>> http://www.lsc.edu/Online/VirtualCampusLogin.cfm
>
>
> No, I don't think; you are sending clear text data via _http_ (port 80),
> where as URL's for secure pages send encrypted data via _https_ (http
> via ssl, port 443).
>
> You can verify/confirm it by capturing data on port 80 and, or 443 with
> help of tcpdump(8) and, or ethereal(1).

Oops! I'm sorry, I skipped checking the said page's HTML code. For
sending back user's data it is using _https_ (http via ssl, port 443) so
it will transmit encrypted data and is secure.

-- 
Dr Balwinder Singh Dheeman            Registered Linux User: #229709
CLLO (Chief Linux Learning Officer)   Machines: #168573, 170593, 259192
Anu's Linux@HOME                      Distros: Ubuntu, Fedora, Knoppix
More: http://anu.homelinux.net/~bsd/  Visit: http://counter.li.org/


Relevant Pages

  • Re: Secure Login Form
    ... HTTPS should definitely be used, this web form isn't secure otherwise ... I'd recommend php, as it's server side so you are processing ... login form. ...
    (Security-Basics)
  • Re: https-Question
    ... If the form is submitted to a HTTPS address then the form data will arrive securely, but there is another issue with using insecure login pages like this. ... It's good practice to have both the login page and the page you submit to fully secure ...
    (comp.infosystems.www.authoring.html)
  • Re: Passing data from a http page to https page. Is it secure?
    ... Theoretically, yes, it's secure. ... https to begin with. ... Yahoo Login page has 2 modes Standard and Secure. ... > standard mode the login page was an http one, but the data is being posted ...
    (microsoft.public.vsnet.general)
  • Re: is this webpage secure?
    ... >> I am told by people in charge at the campus where I teach that this login ... >> page is secure, that the form login info is secure ... sending back user's data it is using _https_ ... it will transmit encrypted data and is secure. ...
    (comp.os.linux.security)
  • Re: Is .NET Passport credential traffic secure?
    ... my point is that you must FIRST establish a secure connection to ... user instead of making the login page itself secured with SSL so the ... The "Sign In" page at eBay submits the form data ... HTTPS site: Allowing the site to generate the HTML content in the page ...
    (microsoft.public.security)