Is a signon to an SSL site from an http:// page secure?
Bruce Dawson
jbd at codemeta.com
Thu Jun 23 14:16:01 EDT 2005
Ted Roche wrote:
> I always thought that you needed to be using an https:// page before
> sending user names and passwords to log in. My credit union claims
> this isn't true, and that since clicking the signon button takes you
> to an SSL page, the information typed in is transmitted securely. I
> have my doubts. Here's a portion of their claim, from the front page
> of http://www.navyfcu.org. I'd welcome opinions.
> ...
Their login form is within a '<form name="logon" method=post
action="https://myaccounts.navyfcu.org/cgi-bin/ifsewwwc?Logon" ...>'.
Since they are POSTing to an HTTPS site, then the password will go over
a SSL connection.
--Bruce
More information about the gnhlug-discuss
mailing list