Ssl login form?

Question

Ssl login form?

I have SSL on my site .... When a user logs in from an http page, the form action is sent to the https page, will it be saved in the published data?

Or would it be better if the form and page were sent to both SSL?

thanks

+3

ssl

Elliott Nov 16 '09 at 21:43

source share

3 answers

, - . (Fiddler, NetMon,...) . SSL. , "lock" . , , , SSL ( ).

+3

David 16 . '09 21:55

You need to have a form page with SSL for security.

+1

Aurélien bottottini Nov 16 '09 at 21:49

source share

Adam Batkin · Accepted Answer · 2009-11-16T21:58:13+0000

is he absolutely necessary both for the page with the form, and for the page that will be transmitted to HTTPS. If the page with the form does not have HTTPS, you cannot guarantee where this form is submitted. It may not actually go to the HTTPS page (you expect your visitors to see the source), or something may have inserted some kind of malicious javascript to redirect the form to another location. However, if the form is also HTTPS, you know that it has not been modified.

Security is more than just marking the box that says “I have encryption,” it's a whole process.

( " FROM, TO HTTPS), : HTTPS ( SSL/TLS ) - , . TRUST:

, . , ,
, .

HTTPS FROM, № 2 ( FROM ), , # 1 . , - , , ?

Ssl login form?

More articles: