Re: Is that secure : <form action="https" from a local HTML page ?
- From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
- Date: Sat, 17 Mar 2007 16:07:58 +0100 (CET)
caolla@xxxxxxxxxxx writes:
3. Volker said :
"If you have a well checked HTTPS connection to your password form,
_before_ you're entering a password in it, you don't need to read the
HTML source code of the page to be safe from being attacked by a
MITM."
This is not compatible with point 1 that says every HTTP or HTTPS
connection is independent.
My question :
Can't we be on an HTTPS web page and fill in a form for which the
target is on a HTTP web page and then making an unsecure transaction ?
If yes, it would mean (if we don't first have a look at the source
code) that we cannot be sure that the transaction is secure until we
arrive on an HTTPS web page i.e after having entered our precious
password !
Of course. That is why many well setup browsers will say "you are changing
to an insecure web site. All you data will be sent unencrypted. Are you
sure you want to do this" or words to that effect.
Thanks again for your reactions !
.
- References:
- Is that secure : <form action="https" from a local HTML page ?
- From: caolla
- Re: Is that secure : <form action="https" from a local HTML page ?
- From: Barry Margolin
- Re: Is that secure : <form action="https" from a local HTML page ?
- From: caolla
- Re: Is that secure : <form action="https" from a local HTML page ?
- From: caolla
- Re: Is that secure : <form action="https" from a local HTML page ?
- From: Barry Margolin
- Re: Is that secure : <form action="https" from a local HTML page ?
- From: caolla
- Is that secure : <form action="https" from a local HTML page ?
- Prev by Date: Re: How to understand this "phishing" mail?
- Next by Date: Re: Is that secure : <form action="https" from a local HTML page ?
- Previous by thread: Re: Is that secure : <form action="https" from a local HTML page ?
- Next by thread: Re: Is that secure : <form action="https" from a local HTML page ?
- Index(es):
Relevant Pages |
|
