Re: Is that secure : <form action="https" from a local HTML page ?

Volker, it seems you're not saying the same than others that say that
whether the page you're entering your password is on an HTTP or HTTPS
web page, it's only when you have clicked on the "send" button - or if
you've checked the code before - that you know if the datas have been
- or will be - sent encrypted or not.

Unruh, what you said is very interesting and I've checked my Firefox
settings : Show a warning dialog when I leave an encrypted page for
one that isn't encrypted is unchecked for me.
I guess I've unchecked it because I got it too many times, this is the
case for instance when you leave a secure site after you've clicked on
disconnect. If you have the option checked, you also get the warning
if for example you log on Google Groups : when you click on "sign in",
the target is fortunately on a HTTPS web page but you are then
automatically redirected on a HTTP web page and you get the warning
message.

Mozilla says for this option :

"With this option enabled, Firefox will warn you every time you move
from an encrypted page to an unencrypted page either by selecting a
link on the page, selecting a bookmark or typing a new address into
the location bar."

Then, it can be tempting to uncheck it but then one won't be warned
when sending uncrypted datas from a form on an HTTP web page to an
HTTPS one. I think there's should be a special option to warn
specifically for this, don't you think ?

But the worst thing is that the warning message don't ask you if you
want to cancel the transaction, it just warns you.
So, even if you check the option, if you don't check the code before,
you can transmit from an HTTPS web page your unencrypted password to
an HTTP web page and you know it only when it is done ! Incredible !

.

Quantcast