WebApp Sec mailing list archives
Re: Should login pages be protected by SSL?
From: Steve Shah <sshah () risingedge org>
Date: Tue, 21 Jun 2005 19:38:28 -0700
There may not be an advantage in breaking into that account but consider that when grandmother registered at the web site she probably picked the same userid and password and password hint as she has at lots of other sites ..
And SSL does nothing to mitigate that risk. -Steve -- Steve Shah sshah () RisingEdge org
Current thread:
- RE: Should login pages be protected by SSL?, (continued)
- RE: Should login pages be protected by SSL? maburns (Jun 20)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Torsten Mueller (Jun 21)
- RE: Should login pages be protected by SSL? Almerindo Graziano (Jun 21)
- Webapp-level protection/detection of Pharming attacks WebAppSecurity [Technicalinfo.net] (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- RE: Should login pages be protected by SSL? maburns (Jun 20)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- RE: Should login pages be protected by SSL? Glenn Euloth (Jun 22)
- Re: Should login pages be protected by SSL? James Barkley (Jun 23)
- Re: Should login pages be protected by SSL? Saqib Ali (Jun 23)
- Re: Should login pages be protected by SSL? Eoin Keary (Jun 24)