WebApp Sec mailing list archives
Re: Should login pages be protected by SSL?
From: Saqib Ali <docbook.xml () gmail com>
Date: Mon, 27 Jun 2005 09:38:08 -0700
> Could you explain for me what the insecurity is in REFRESH meta tags?
I have nothing against META REFRESH :) . It is just that using them for redirecting the users from http:// to https:// is a bad, bad design. The META refresh tag can be intercepted, or stopped completely. Plus, the execution of the META tags depends on the browser, and not the server. You would have to make sure that you put REFRESH on all the web pages for something that can be easily done using one URL rewrite statement on the webserver.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/
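The distinction drawn in the message above, between a redirect the server issues in its response headers and one that depends on the browser acting on a META tag in the page body, can be checked from the raw response to a plain-http request. This is an added example, not part of the original post; `classify_upgrade` and `_MetaRefreshFinder` are hypothetical names and the sample responses are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _MetaRefreshFinder(HTMLParser):
    """Collects the target URL of any <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            _, _, rest = a.get("content", "").partition(";")
            key, _, url = rest.strip().partition("=")
            if key.strip().lower() == "url":
                self.targets.append(url.strip().strip("'\""))


def classify_upgrade(raw_response: str) -> str:
    """Classify how a plain-http response sends the client to https."""
    head, _, body = raw_response.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {n.strip().lower(): v.strip()
               for n, _, v in (line.partition(":") for line in lines[1:])}
    location = headers.get("location", "")
    if 300 <= status < 400 and urlsplit(location).scheme == "https":
        return "server-redirect"   # decided by the server, in the headers
    finder = _MetaRefreshFinder()
    finder.feed(body)
    if any(urlsplit(t).scheme == "https" for t in finder.targets):
        return "meta-refresh"      # only happens if the browser acts on the body
    return "no-upgrade"


# Constructed sample responses (not captured from any real site).
SERVER_SIDE = ("HTTP/1.1 301 Moved Permanently\r\n"
               "Location: https://www.example.com/login\r\n\r\n")
META_ONLY = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             '<html><head><meta http-equiv="Refresh" '
             'content="0; URL=https://www.example.com/login"></head></html>')
PLAIN = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
         "<html><body>login</body></html>")

if __name__ == "__main__":
    print([classify_upgrade(r) for r in (SERVER_SIDE, META_ONLY, PLAIN)])
```

A page that comes back as `meta-refresh` is one where the upgrade exists only as markup that has to be repeated on every page, which is the maintenance problem the message describes.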