WebApp Sec mailing list archives
RE: Should login pages be protected by SSL?
From: "Cowles, Robert D." <rdc () slac stanford edu>
Date: Tue, 21 Jun 2005 20:21:44 -0700
There may not be an advantage in breaking into that account but consider that when grandmother registered at the web site she probably picked the same userid and password and password hint as she has at lots of other sites ..And SSL does nothing to mitigate that risk. -Steve -- Steve Shah sshah () RisingEdge org
SSL mitigates the risk of being able to sniff the userid/password from the unsecured wireless WAPs.
Current thread:
- Re: Should login pages be protected by SSL?, (continued)
- Re: Should login pages be protected by SSL? Torsten Mueller (Jun 21)
- RE: Should login pages be protected by SSL? Almerindo Graziano (Jun 21)
- Webapp-level protection/detection of Pharming attacks WebAppSecurity [Technicalinfo.net] (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- RE: Should login pages be protected by SSL? Glenn Euloth (Jun 22)
- Re: Should login pages be protected by SSL? James Barkley (Jun 23)
- Re: Should login pages be protected by SSL? Saqib Ali (Jun 23)
- Re: Should login pages be protected by SSL? Eoin Keary (Jun 24)