Re: Is that secure : <form action="https" from a local HTML page ?
- From: Volker Birk <bumens@xxxxxxxxxxx>
- Date: 16 Mar 2007 19:27:45 +0100
caolla@xxxxxxxxxxx wrote:
In standard mode, the current page use HTTP but the action of the
HTML form where you type your password directs you on a HTTPS page.
So, is this secure or not ?
If you have a well checked HTTPS connection to your password form,
_before_ you're entering a password in it, you don't need to read
the HTML source code of the page to be safe from being attacked
by a MITM.
If you don't have such a well checked HTTPS connection but plain HTTP
over TCP, then you need to check the HTML source code first each time
you're wanting to use the password form. Only then you can be sure that
there is the right target URL in the form.
Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu, die
Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
<http://www.php.isn.ethz.ch/collections/colltopic.cfm?lng=en&id=15301>
.
- References:
- Is that secure : <form action="https" from a local HTML page ?
- From: caolla
- Re: Is that secure : <form action="https" from a local HTML page ?
- From: Barry Margolin
- Re: Is that secure : <form action="https" from a local HTML page ?
- From: caolla
- Re: Is that secure : <form action="https" from a local HTML page ?
- From: caolla
- Is that secure : <form action="https" from a local HTML page ?
- Prev by Date: Re: Is that secure : <form action="https" from a local HTML page ?
- Next by Date: Re: Is that secure : <form action="https" from a local HTML page ?
- Previous by thread: Re: Is that secure : <form action="https" from a local HTML page ?
- Next by thread: Re: Is that secure : <form action="https" from a local HTML page ?
- Index(es):
Relevant Pages
|
|
