Network Security: Detailed info on Re: Should login pages be protected by SSL?

Subject:	Re: Should login pages be protected by SSL?
Date:	Wed, 22 Jun 2005 07:05:09 -0400

Subject:

Re: Should login pages be protected by SSL?

Date:

Wed, 22 Jun 2005 07:05:09 -0400

From a purely non-technical viewpoint: it may be a good idea for the login page to be protected by SSL if for no other reason that having the browser show the "padlock" symbol. It's something that non-technical, non-web developer people can see and (somewhat) understand. Since they are typing their password on a page, that's what many associate with - "I'm not entering my password here, I don't see the padlock".

Amir Herzberg wrote:

There may be some argument even in this case (privacy, tendency of users to use same passwords, ...). But this was _not_ my intent. I may not have been clear, but I am interested in sensitive sites - financial, shopping, security (CA, DNS, SSO, Portals, etc.). As you can see in my `Hall of Shame` http://AmirHerzberg.com/shame.html, many of these don't use SSL to authenticate the login page, only to encrypt the password (when using a correct login page).

So, the real question I'm asking: should login pages to sensitive (e.g. financial) sites be protected by SSL?

--
Dave Ockwell-Jenner
Solar Nexus Solutions
http://www.solar-nexus.com/

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Should login pages be protected by SSL? (and comment to moderator), (continued) Re: Should login pages be protected by SSL? (and comment to moderator), Amir Herzberg Re: Should login pages be protected by SSL?, Steve Shah Re: Should login pages be protected by SSL?, Amir Herzberg [summary] Re: Should login pages be protected by SSL?, Steve Shah Re: [summary] Re: Should login pages be protected by SSL?, Ole Kasper Olsen Rephrased: Should login pages be protected by SSL - although it won'thelp most users?, Amir Herzberg Re: [summary] Re: Should login pages be protected by SSL?, Devdas Bhagat Re: [summary] Re: Should login pages be protected by SSL?, Michael Silk Re: [summary] Re: Should login pages be protected by SSL?, Wolfgang Reder Re: [summary] Re: Should login pages be protected by SSL?, Michael Silk Re: Should login pages be protected by SSL?, Dave Ockwell-Jenner <= Re: Should login pages be protected by SSL?, Achim Hoffmann Re: Should login pages be protected by SSL?, Michael Silk Re: Should login pages be protected by SSL?, Andy bentley RE: Should login pages be protected by SSL?, Glenn Euloth Re: Should login pages be protected by SSL?, bluewizard83-de4gahsh Re: Should login pages be protected by SSL?, Peter Watkins Re: Should login pages be protected by SSL?, Kalyan Varma Re: Should login pages be protected by SSL?, Stefano Di Paola Re: Should login pages be protected by SSL?, Saqib Ali Message not available Re: Should login pages be protected by SSL?, Amir Herzberg

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	RE: Should login pages be protected by SSL?, Glenn Euloth
Next by Date:	OWASP Ireland Meeting, Eoin Keary
Previous by Thread:	Re: [summary] Re: Should login pages be protected by SSL?, Michael Silk
Next by Thread:	Re: Should login pages be protected by SSL?, Achim Hoffmann
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

RE: Should login pages be protected by SSL?, Glenn Euloth

Next by Date:

OWASP Ireland Meeting, Eoin Keary

Previous by Thread:

Re: [summary] Re: Should login pages be protected by SSL?, Michael Silk

Next by Thread:

Re: Should login pages be protected by SSL?, Achim Hoffmann

Indexes:

[Date] [Thread] [Top] [All Lists]