Re: https-Question
- From: Sherm Pendley <sherm@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 14 Jul 2006 14:31:23 -0400
Wilhelm Kutting <wkutting@xxxxxxxx> writes:
Nikita the Spider schrieb:
In article <e95k2m$66q$1@xxxxxxxxxxxxxxxxxxxxxxxxx>,So if the loginform is http, the username and password is send via
Wilhelm Kutting <wkutting@xxxxxxxx> wrote:
Hello, i got a little understanding Problem.Wilhelm,
on some http-Sites i can log into my Account with Name/Passwort.
The Form-Login-Page ist only http with form action directing to a
"secure" https page.
So - in my understanding the username and password is send
uncrypted over the Net.
Only the later Communication is done secure.
Am i right that only a https login-Form-page would be safe?
Basically, yes.
HTTP = not secure, name and password sent without encryption
HTTPS = secure, name and password sent encrypted
Hope this helps
cleartext.
No.
It's the URL in the form element's "action" attribute that determines whether
the user name and password are encrypted, not the URL of the form itself.
As others have mentioned, fetching the form itself via https:// does provide
user feedback in many browsers which display "lock" icons and such. But it
technically makes no difference whatsoever in how the form data is sent to
the action URL.
sherm--
--
Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net
.
- References:
- https-Question
- From: Wilhelm Kutting
- Re: https-Question
- From: Nikita the Spider
- Re: https-Question
- From: Wilhelm Kutting
- https-Question
- Prev by Date: Align Right
- Next by Date: Re: How to split an HTML page for printing
- Previous by thread: Re: https-Question
- Next by thread: Re: https-Question
- Index(es):
Relevant Pages
|
