WebApp Sec mailing list archives
Re: Growing Bad Practice with Login Forms
From: Ivan Ristic <ivanr () webkreator com>
Date: Tue, 27 Jul 2004 21:02:43 +0100
So, ultimately, SSL doesn't buy you anything
I would really like to see browser manufacturers make changes to improve the usefulness of SSL:

* The difference between a non-SSL and a SSL site should be more visible to the user. SSL-enabled connections should be made to look more important. The small image in the corner does not cut it. I would like to see a red border around the whole browser window. Or a red border until you explicitly choose to trust a site, at which point it changes to green. Something like that. Also, why not display the contents of a certificate on the screen at all times (e.g. organization name & address).

* Browsers should remember the public key of a visited server, and compare the stored key with the key received upon the next visit. Just as SSH does.

* Session cookies transmitted over an unencrypted channel should not be allowed over SSL. The same the other way round.

* No links out of SSL should be allowed (embedded or proper links).

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
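The key-remembering check from the second point above, sketched in Python as an added example that is not part of the original post or of any browser's code. The function names, the JSON-serialised store and the sample key bytes are assumptions made for illustration; the key bytes stand in for a server's DER-encoded public key.

```python
import hashlib
import hmac
import json

def pin_name(host, port):
    # Normalise so "Shop.Example." and "shop.example" share one pin.
    return f"{host.lower().rstrip('.')}:{port}"

def fingerprint(key_der):
    return hashlib.sha256(key_der).hexdigest()

def check_key(pins, host, port, key_der):
    """Return 'first-use', 'match' or 'mismatch'; never overwrites a pin."""
    name, seen = pin_name(host, port), fingerprint(key_der)
    known = pins.get(name)
    if known is None:
        pins[name] = seen  # first visit: remember the key, as SSH does
        return "first-use"
    if hmac.compare_digest(known, seen):
        return "match"
    return "mismatch"  # caller should warn the user; the old pin stays

def accept_new_key(pins, host, port, key_der):
    """Explicit user decision to trust a changed key (like editing known_hosts)."""
    pins[pin_name(host, port)] = fingerprint(key_der)

# Constructed sample inputs standing in for DER-encoded server public keys.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"

def demo():
    pins = {}
    out = [check_key(pins, "shop.example", 443, KEY_A),    # first visit
           check_key(pins, "Shop.Example.", 443, KEY_A),   # same site, same key
           check_key(pins, "shop.example", 443, KEY_B)]    # key changed
    pins = json.loads(json.dumps(pins))                    # store survives a restart
    out.append(check_key(pins, "shop.example", 443, KEY_A))
    accept_new_key(pins, "shop.example", 443, KEY_B)
    out.append(check_key(pins, "shop.example", 443, KEY_B))
    return out

if __name__ == "__main__":
    print(demo())
```

Hashing the public key rather than the whole certificate means a renewed certificate that keeps the same key still matches its pin.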