Re: credit card security -no padlock

From: Alun Jones (alun@texis.com)
Date: 11/19/02


From: alun@texis.com (Alun Jones)
Date: Tue, 19 Nov 2002 18:36:19 GMT

In article <3dda621c$0$1417$1dc6e903@news.corecomm.net>, "Ron Ruble"
<raffles2@att.net> wrote:
>
>"Tracker" <TheTrackers111REMOVE@yahoo.com> wrote in message
>news:3DD84028.B71CE789@yahoo.com...
><snip>
>>
>> No lock on a web site means the web
>> site is insecure and any hacker will
>> get the information you provide to the web site.
>
>Not precisely. No lock means the communications
>channel is insecure, and information transmitted
>to the web site may be intercepted.

Not even that. The lack of a lock on a web browser's view of a page means
only that the page you are looking at _was_ sent to you without encryption.
It says _nothing_ about what happens when you fill in private data and send it
back. Since the page sent to you is usually an order form, there's nothing
secret on it, and no reason to encrypt it. Since the information you send
back usually has your credit card information, you want to know whether it's
encrypted. In current browser design, you can only do that by analysing the
source and seeing if the submit button goes to an https or http method.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.
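
The check described in the post above (reading the page source to see where the form submits) can be done mechanically. The following is an added example, not part of the original post; the function names, URLs and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class FormActionParser(HTMLParser):
    """Collect (action, method) for each <form>, plus the first <base href>."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.base_href = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base_href is None:
            self.base_href = a["href"]
        elif tag == "form":
            # A missing method defaults to GET; a missing action means "this page".
            self.forms.append((a.get("action") or "", (a.get("method") or "get").lower()))


def audit_forms(page_url, html):
    """Return one dict per form: resolved submit URL, method, and whether it uses https."""
    parser = FormActionParser()
    parser.feed(html)
    # Relative actions resolve against <base href> if present, else the page URL.
    base = urljoin(page_url, parser.base_href) if parser.base_href else page_url
    results = []
    for action, method in parser.forms:
        target = urljoin(base, action)  # empty action resolves to the base itself
        results.append({"target": target, "method": method,
                        "encrypted": urlparse(target).scheme == "https"})
    return results


# Constructed sample: an order page delivered over plain http (so no padlock).
SAMPLE_PAGE_URL = "http://shop.example/order.html"
SAMPLE_HTML = """
<form action="https://secure.shop.example/pay" method="POST"><input name="card"></form>
<form action="/newsletter" method="post"><input name="email"></form>
<form><input name="q"></form>
"""

if __name__ == "__main__":
    for r in audit_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        status = "encrypted" if r["encrypted"] else "NOT encrypted"
        print(f'{r["method"].upper():4} {r["target"]}  -> {status}')
```

This inspects static markup only; a page script can change the form's target at submit time, which this check does not see.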

