Re: Encrypted or Not Encrypted

[Garry Baker <bakerga () yahoo com>]

have you setup wireshark (or other sniffer) inline and
can you see the password on the wire?

best way to know for sure and show others...

goodluck
garry
--- amatachick () gmail com wrote:

> I've run into this issue a few times now and would
> like to know what y'all think. Here is the
> situation: A website not using SSL has a login page.
> As soon as credentials are entered on this page they
> are redirected to a site using SSL. Here is a
> specific example of the code on one such site:
> <form name="loginpersonal" method="POST"
action="https://secure.sitename.com/engine/login/login.asp";
> onSubmit="return checkLoginForm(this);">
>    <input type=hidden name=IsPostback value=1>
>
> Now, from what I understand, the login credentials
> would still be unencrypted while traveling to the
> secure site. So that would negate the effect of
> having it redirect to a secure site in the first
> place. Right? I keep brining up this fact but all I
> get back is that it's being redirected so it's
> secure. I feel like I'm taking crazy pills here so
> I'd appreciate some feedback. Am I wrong? If I am I
> can handle that, I'd just like to know. Thanks!


-- 
Garry L. Baker

"Man is not intended to see through the eyes of another, hear through another's ears nor comprehend with another's 
brain... Therefore depend upon your own reason and judgment and adhere to the outcome of your own investigation…"  
-`Abdu'l-Bahá