Re: Bank Of America - sign on process - how is this secure?
From: James Preston (jgp@operamail.com)
Date: 11/26/02
- Next message: Bill Unruh: "Re: ip address and ports"
- Previous message: Henrick Hellström: "Re: Bank Of America - sign on process - how is this secure?"
- In reply to: those who know me have no need of my name: "Re: Bank Of America - sign on process - how is this secure?"
- Next in thread: Curious Owl: "Re: Bank Of America - sign on process - how is this secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: James Preston <jgp@operamail.com> Date: 26 Nov 2002 13:05:14 +1100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 25 Nov 2002, those who know me have no need of my name:
> the form submission (aka, login) is totally secure. it's the lock / safety
> indicator that is incorrect or misleading, at least it is in all the
> browsers which i've seen, including mozilla and msie. most web sites cater
> to the idiocy (by serving the entire login page via ssl), some don't.
Idiocy is not the brower's, IMHO - the browser is correctly indicating
that the form itself has not been protected. It is standard in
security terms to serve the form via HTTPS.
If someone can tamper with the login form itself in transit there is no
guarentee (without inspecting the source) that the login details will
be sent to right server - via HTTPS or otherwise.
- --
James Preston
-----BEGIN PGP SIGNATURE-----
iD8DBQE94tZqgXK32hUOOt0RAnJzAJ4tVQjwmwwTikxxaOh9ZNPv6/G+egCgwPRh
Iand/yB+6ud3tIQ6OhzGQ9o=
=fiEZ
-----END PGP SIGNATURE-----
- Next message: Bill Unruh: "Re: ip address and ports"
- Previous message: Henrick Hellström: "Re: Bank Of America - sign on process - how is this secure?"
- In reply to: those who know me have no need of my name: "Re: Bank Of America - sign on process - how is this secure?"
- Next in thread: Curious Owl: "Re: Bank Of America - sign on process - how is this secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
