Security Basics mailing list archives
Re: Encrypted or Not Encrypted
From: Roman Fulop <ml () ensof1 trithem sk>
Date: Fri, 12 Sep 2008 09:28:37 +0200
Hi, AFAIK, the SSL handshake occurs before sending HTTP request. amatachick () gmail com wrote:
I've run into this issue a few times now and would like to know what y'all think. Here is the situation: A website not using SSL has a login page. As soon as credentials are entered on this page they are redirected to a site using SSL. Here is a specific example of the code on one such site: <form name="loginpersonal" method="POST" action="https://secure.sitename.com/engine/login/login.asp" onSubmit="return checkLoginForm(this);"> <input type=hidden name=IsPostback value=1> Now, from what I understand, the login credentials would still be unencrypted while traveling to the secure site. So that would negate the effect of having it redirect to a secure site in the first place. Right? I keep brining up this fact but all I get back is that it's being redirected so it's secure. I feel like I'm taking crazy pills here so I'd appreciate some feedback. Am I wrong? If I am I can handle that, I'd just like to know. Thanks!
Current thread:
- Encrypted or Not Encrypted amatachick (Sep 11)
- Re: Encrypted or Not Encrypted Roman Fulop (Sep 12)
- Re: Encrypted or Not Encrypted Gregory Rubin (Sep 16)
- Re: Encrypted or Not Encrypted Garry Baker (Sep 12)
- RE: Encrypted or Not Encrypted Eifrém Strinnholm Jonas (Sep 12)
- Re: Encrypted or Not Encrypted Rob (Sep 16)
- Re: Encrypted or Not Encrypted Douglas C. Duckworth (Sep 16)
- RE: Encrypted or Not Encrypted Basha, Arif (Sep 16)
- Re: Encrypted or Not Encrypted Douglas C. Duckworth (Sep 17)
- Re: Encrypted or Not Encrypted Roman Fulop (Sep 18)
- Message not available
- Re: Encrypted or Not Encrypted Roman Fulop (Sep 19)
- Re: Encrypted or Not Encrypted Rob (Sep 16)
- Re: Encrypted or Not Encrypted Roman Fulop (Sep 12)
- Re: Encrypted or Not Encrypted Rob (Sep 17)