On Mon, Jun 20, 2005 at 11:28:14PM -0700, bluewizard83-de4gahsh@yahoo.com wrote:
-- Amir Herzberg <herzbea@macs.biu.ac.il> wrote:
Here is a simple question: should web login forms be always protected
by SSL?
Let me check to see if I understand what you are asking. Do you mean
something like:
login form at http://www.site.org/login.html with a login form that
submits to something like https://secure.site.org/auth.cgi?
In my opinion the login form doesn't need to be protected with SSL, but
the form MUST submit to a SSL protected page if there is any data of
any value being transmitted.
I think Amir has a good point, though it's not always black-and-white.
As a crypto/security expert, my answer is yes. I think this is
necessary, to protect against MITM attacks, as well as from the more
common and easy phishing, pharming, and other forms of spoofing
attacks,
I don't see how SSL-protecting the login form would protect you from
MITM attacks if the form is submitting to a SSL protected page.
A MITM attack would, presumably, substitute the http-served "login form"
with a lookalike that did something slightly different, perhaps something
as subtle as copy/transmit the credentials to the attacker's site *before*
allowing the victim's browser to transmit them to the https processing URL.
Lots of sites embed little username/password boxes on their http pages,
and I generally agree with Amir that those layouts are dangerous. At least
offer the users a "secure login" link that'll take them to an https URL
with a recognized & reputable domain name, etc.
On sites I'm responsible for, there's a dedicated Single Sign On app on
a single https URL -- not as quick as the username/password embedded in
the http page, but I don't have to worry so much about MITM/phishing/XSS
spoofs fooling our users into having their credentials phished.
-Peter
