Re: Is that secure : <form action="https" from a local HTML page ?

Thanks to all for your answers, this is very interesting but something
still remains unclear.

If I follow Barry :

[>"He was just using local storage as an example of a place different
from the original web site. His concern, I suspect, was whether it
would be safe for him to make a local version of the login form for a
web site" : exactly, thanks Barry !]

1. Every HTTP or HTTPS connection is independent.
So, whether I enter my password from an HTML page located on my hard
disk or from an HTTP web page, since the target of the form is HTTPS,
the transaction is secure.

2. When Yahoo and others offer 2 choices, since the target is HTTPS,
the both choices are secure but though it's unjustified, the users
feel more comfortable with the padlock.

3. Volker said :
"If you have a well checked HTTPS connection to your password form,
_before_ you're entering a password in it, you don't need to read the
HTML source code of the page to be safe from being attacked by a

This is not compatible with point 1 that says every HTTP or HTTPS
connection is independent.

My question :
Can't we be on an HTTPS web page and fill in a form for which the
target is on a HTTP web page and then making an unsecure transaction ?
If yes, it would mean (if we don't first have a look at the source
code) that we cannot be sure that the transaction is secure until we
arrive on an HTTPS web page i.e after having entered our precious
password !

Thanks again for your reactions !


Relevant Pages