Re: https-Question
- From: Chris Morris <c.i.morris@xxxxxxxxxxxx>
- Date: 13 Jul 2006 16:29:14 +0100
Sherm Pendley <sherm@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:
Wilhelm Kutting <wkutting@xxxxxxxx> writes:
Hello, i got a little understanding Problem.
on some http-Sites i can log into my Account with Name/Passwort.
The Form-Login-Page ist only http with form action directing to a
"secure" https page.
So - in my understanding the username and password is send uncrypted
over the Net.
Only the later Communication is done secure.
Am i right that only a https login-Form-page would be safe?
Whether the form itself was fetched from an http:// or https:// URL is
irrelevant. If the action of the form lists an https:// URL, the data is
encrypted when the form data is sent to that URL.
*However* it's worth having the form in https too, if that's
practical, so that a concerned user can be sure that the form they see
is the form your server sent (assuming they trust your server
certificate).
--
Chris
.
- Follow-Ups:
- Re: https-Question
- From: Sherm Pendley
- Re: https-Question
- References:
- https-Question
- From: Wilhelm Kutting
- Re: https-Question
- From: Sherm Pendley
- https-Question
- Prev by Date: Re: https-Question
- Next by Date: Re: https-Question
- Previous by thread: Re: https-Question
- Next by thread: Re: https-Question
- Index(es):
Relevant Pages
|
