Re: Is that secure : <form action="https" from a local HTML page ?

caolla@xxxxxxxxxxx wrote:
Volker, it seems you're not saying the same than others that say that
whether the page you're entering your password is on an HTTP or HTTPS
web page, it's only when you have clicked on the "send" button - or if
you've checked the code before - that you know if the datas have been
- or will be - sent encrypted or not.

I don't understand what you're complaining.

Encryption has *TWO* responsibilities here:

- the encrypted transport (via TLS, HTTPS) of the form itself makes you
safe from getting a compromized version, which was modified by a MITM

- the encrypted form POST makes you safe from an attacker getting your
password data by being MITM

Of course, both only will work, if you're checking certificates
assiduously.

Clear now?

Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu, die
Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
<http://www.auchdieserschwachsinnmussinsinternet.de/>
.