Re: Basic password security question
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Feb 2007 09:36:19 -0600
No. You should look at the wire traffic. That is just for the UI displayed
by the browser.
If you are doing a secure site where you will be collecting data like
passwords and potentially using cookies for authentication, you must use
SSL.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Opa" <Opa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5CD20844-7860-4BAB-BD57-AB0DBB43B991@xxxxxxxxxxxxxxxx
Hi all,
I was asked today if setting textmode="password" of a textbox control
was secure over http. I assumed that the browser does encryption before
sending it over the wire. Why aren't most login screen forms sent over
https?
Is my assumption about the browser providing encryption on special input
fields true? Can anyone explain?
Thanks,
Opa
.
- Prev by Date: Re: AD Login failure when using ActiveDirectoryMembershipProvider
- Next by Date: Re: AD Login failure when using ActiveDirectoryMembershipProvider
- Previous by thread: Re: Forms authentication - clean cookie when close browser
- Next by thread: Re: Basic password security question
- Index(es):
Relevant Pages
|
