|
Security Basics
mailing list archives
Encrypted or Not Encrypted
From: amatachick () gmail com
Date: 11 Sep 2008 18:25:21 -0000
I've run into this issue a few times now and would like to know what y'all think. Here is the situation: A website not
using SSL has a login page. As soon as credentials are entered on this page they are redirected to a site using SSL.
Here is a specific example of the code on one such site:
<form name="loginpersonal" method="POST" action="https://secure.sitename.com/engine/login/login.asp"; onSubmit="return
checkLoginForm(this);">
<input type=hidden name=IsPostback value=1>
Now, from what I understand, the login credentials would still be unencrypted while traveling to the secure site. So
that would negate the effect of having it redirect to a secure site in the first place. Right? I keep brining up this
fact but all I get back is that it's being redirected so it's secure. I feel like I'm taking crazy pills here so I'd
appreciate some feedback. Am I wrong? If I am I can handle that, I'd just like to know. Thanks!
 By Date 
By Thread
Current thread:
- Encrypted or Not Encrypted amatachick (Sep 11)
| 
Intro
