WebApp Sec: Re: Must we authenticate login forms (using SSL?)?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Must we authenticate login forms (using SSL?)?

From: info () biledge com
Date: Thu, 29 Sep 2005 11:03:06 +0300

hi,

we do authenticate login forms with SSL or not, UAE (users  are everywhere) is
the valid one, the attack is unavoidable. kind of hit-and-hide game. then MITM is also = UITM.

if we can create a 'secure system' among all servers in the world, then we may provide
security. but if clauses are jokers sometimes, i think it is better to prefer the identity based 
security systems. you can have SSL but user may not use https. if servers can control the use 
of https, then i think things would be different in terms of security (now i feel very insecure !)..
i am just thinking though..

regards,

billur c.

By Date By Thread

Current thread:

Must we authenticate login forms (using SSL?)? Amir Herzberg (Sep 28)
- <Possible follow-ups>
- Re: Must we authenticate login forms (using SSL?)? info (Sep 29)
  - Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 29)
    - RE: Must we authenticate login forms (using SSL?)? Nathaniel S. H. Brown (Sep 29)
    - Re: Must we authenticate login forms (using SSL?)? Peter Conrad (Sep 30)
    - RE: Must we authenticate login forms (using SSL?)? Nathaniel S. H. Brown (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Rogan Dawes (Sep 30)