https question on popular email providors

From: richard (richard2008918_at_yahoo.com)
Date: 06/07/03

Next message: Agent Mimic: "Re: Where To Purchase My Book on Security, the Internet and Hacking"
Previous message: owl: "Re: Where To Purchase My Book on Security, the Internet and Hacking"
Next in thread: Skulking Rogue: "Re: https question on popular email providors"
Maybe reply: Skulking Rogue: "Re: https question on popular email providors"
Reply: Martin Cooper: "Re: https question on popular email providors"
Reply: sponge: "Re: https question on popular email providors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 6 Jun 2003 16:23:33 -0700

I have seen hotmail and yahoo email providing https connection for
login. However, once the user is authenticated, the page is
re-directed to non-secure http. Does that mean all the data (i.e. the
content of email) in transmission are not protected? If this is the
case, why bother to protect userID/password?
Maybe I am missing something here.

I am going to set a web-based email application to my company's IMAP
server. I am evaluating to what extent of implementation https
communication assuming user can access their email account using
browser anywhere and anytime. How big is the overhead if implementing
https through the entire session? Are there any other solutions that
can increase the security in such a scenario?

You comment is greatly appreciated!

richard

Next message: Agent Mimic: "Re: Where To Purchase My Book on Security, the Internet and Hacking"
Previous message: owl: "Re: Where To Purchase My Book on Security, the Internet and Hacking"
Next in thread: Skulking Rogue: "Re: https question on popular email providors"
Maybe reply: Skulking Rogue: "Re: https question on popular email providors"
Reply: Martin Cooper: "Re: https question on popular email providors"
Reply: sponge: "Re: https question on popular email providors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [PHP] Back to security
... Better off to do all of 1, 2, and 3 inside HTTPS. ... server before the rest of the request is decrypted. ... server once the login was successful. ... cannot grab the hash and use that, I have a random hash that is hashed ...
(php.general)
Re: Bank login not using https
... is SSL secured with verisign... ... After I signed up I immediately changed my login details/ ... that https is important. ... websites don't need to be SSL-protected. ...
(comp.security.misc)
Re: SSL Sicherheit nur auf die Seite https =?iso-8859-1?Q?beschr=E4nkt=3F?=
... > Wenn ich mich bei Ebay anmelde, dann beginnt die Login seite mit https. ... Wenigstens ist das Login ... Next by Date: ...
(microsoft.public.de.security.netzwerk.sicherheit)
LOGIN INFO secure at wwww.americanexpress.CA?
... secure page which causes the lock symbol to be displayed in the status ... That is the difference which caused the login page ... even though the page itself is not https. ... of a lock in the login region. ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: Password Sites
... knows my Password & possably more since most r not HTTPS. ... To be of any use he still needs the login name & url. ... Non-https password entry? ... care what browser you use - it would be foolish to use the same ...
(microsoft.public.windowsxp.security_admin)