|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Non SSL Bank Login Forms
From: Wil Clouser (clouserw
gmail.com)
Date: Fri May 19 2006 - 00:07:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi John,
The form itself is not sent over a secure connection, but the action
of the form points to a secure destination. Since the browser
initiates the request to the destination (and that connection is using
SSL), the POST will be sent securely.
Wil
On 18 May 2006 14:57:49 -0000, wilson.amajohngmail.com
<wilson.amajohngmail.com> wrote:
> Hello all, my question is how can a form have a field that is secure without using SSL. From my web programming experience I cannot understand a Bank's claim that their login form is secure when there is no SSL used. "Signing on to secure sites from an unsecure page is a common industry practice" The POST data has to get to the server if SSL is not used how can they claim it is secure? I hope I have clarified my question enough
>
> Thanks
>
> John
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Watchfire named worldwide market share leader in web application security
> assessment by leading market research firm. Watchfire's AppScan is the
> industry's first and leading web application security testing suite, and
> the only solution to provide comprehensive remediation tasks at every
> level of the application. See for yourself.
> Download a Free Trial of AppScan 6.0 today!
>
> https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
> --------------------------------------------------------------------------
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]