Re: Is that secure : <form action="https" from a local HTML page ?



In article <1173978867.536481.206180@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
caolla@xxxxxxxxxxx wrote:

> Hi all!
>
> I'd like some advice about SSL and HTTPS.
> Could someone tell me the difference in security between these
> cases:
>
> Let's take the Yahoo mail example:
>
> 1. From a local HTML page on his hard drive, a user sends his id/pwd
> through a form like this <form action="https://... method="post" ...
>
> that is similar to the real one on the Yahoo mail login page.
>
> 2. The same, but done directly from the https Yahoo site.
>
> Am I wrong if I say that case 1 is not secure?
>
> Am I wrong if I say that before considering the transaction as secure,
> the client has to be connected first one time to the server? This
> allows the client to check the certificate, to use it to create a
> session key that is then sent to the server? Could this process be
> done in case 1?
>
> Thanks a lot in advance!!!

You're wrong. Every HTTP or HTTPS connection is independent, and the
certificate is checked each time you make a new HTTPS connection. It
doesn't matter where you came from.

--
Barry Margolin, barmar@xxxxxxxxxxxx
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
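
The point made in the reply, as an added example that is not part of the original thread: the script resolves each password form's action the way a browser does, against the URL of the page holding the form, and reports where the credentials would be sent. The sample page and the host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; the host names are placeholders, not from the thread.
SAMPLE = """
<form action="https://login.example.com/auth" method="post">
  <input name="id"><input type="password" name="pwd"></form>
<form action="http://login.example.com/auth" method="post">
  <input name="id"><input type="password" name="pwd"></form>
<form action="auth.cgi" method="post">
  <input name="id"><input type="password" name="pwd"></form>
"""

class FormCollector(HTMLParser):
    """Record each form's action and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "password": False})
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True

def submit_targets(html, page_url):
    """Return (scheme, host, verdict) for every form that carries a password."""
    collector = FormCollector()
    collector.feed(html)
    out = []
    for form in collector.forms:
        if not form["password"]:
            continue
        # Browsers resolve the action against the URL of the page holding the form.
        target = urlsplit(urljoin(page_url, form["action"]))
        if target.scheme == "https":
            verdict = "new TLS connection; server certificate checked at submit time"
        elif target.scheme == "http":
            verdict = "cleartext; nothing authenticates the server or hides the password"
        else:
            verdict = "no network submission (%s: URL)" % target.scheme
        out.append((target.scheme, target.hostname, verdict))
    return out

if __name__ == "__main__":
    for base in ("file:///home/user/login.html", "https://login.example.com/"):
        print(base)
        for row in submit_targets(SAMPLE, base):
            print("   ", row)
```

The absolute https action gives the same target whether the page is loaded from disk or from the site; only the relative action depends on where the page came from.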