A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.
If I have a form which is not https but which has an action to access a https method, will the information I send be secure? It was my understanding that the form you were in needed to be https.
For example, check out http://www.chase.com
There is a user login in. Because this form is not http (but the action is), will the username and password I submit be SSL protected?
Yes, the data that they submit will be encrypted, even if the form they're entering it on wasn't delivered to them encrypted.
However, most people have been trained to look for the secure "lock" icon on their browser, and may be hesitant to put personal data on a form that doesn't have it, so send the submission form via SSL as well so they're happy.
Wednesday, December 12, 2007
It will be protected as xampl said, but there's no guarantee that the unsecured page with the login form originated from a trusted source, or was not tampered with in transit.
Having an unsecured login page is bad practice for sensitive sites, period. That doesn't mean it isn't featured in the wild quite a bit.
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz