Network Security: Detailed info on Re: Should login pages be protected by SSL?

Subject:	Re: Should login pages be protected by SSL?
Date:	Wed, 22 Jun 2005 22:30:24 +0200 (MEST)

Subject:

Re: Should login pages be protected by SSL?

Date:

Wed, 22 Jun 2005 22:30:24 +0200 (MEST)

On Wed, 22 Jun 2005, Dave Ockwell-Jenner wrote:

!!  From a purely non-technical viewpoint: it may be a good idea for the
!! login page to be protected by SSL if for no other reason that having the
!! browser show the "padlock" symbol. It's something that non-technical,
!! non-web developer people can see and (somewhat) understand. Since they
!! are typing their password on a page, that's what many associate with -
!! "I'm not entering my password here, I don't see the padlock".

not bad in first glance
But then the secure login page uses an insecure form action=
(by design or by accident or by phishing, doesn't matter)
well, most browsers will show an alert now, but are all non-technical no-web
developers aware what really happens?
In such a case (assuming that the user is not awrae what happens, which
is not uncommon) the padlock is a fake, exactly the oposite of what it
should be.

Again, I'd vote to teach the browser developers to undoubtly inform the
user what happens, in all cases. I've the feeling that these people are more
seruity-aware than most website developers ;-)

-- Achim

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Should login pages be protected by SSL?, (continued) Re: Should login pages be protected by SSL?, Steve Shah Re: Should login pages be protected by SSL?, Amir Herzberg [summary] Re: Should login pages be protected by SSL?, Steve Shah Re: [summary] Re: Should login pages be protected by SSL?, Ole Kasper Olsen Rephrased: Should login pages be protected by SSL - although it won'thelp most users?, Amir Herzberg Re: [summary] Re: Should login pages be protected by SSL?, Devdas Bhagat Re: [summary] Re: Should login pages be protected by SSL?, Michael Silk Re: [summary] Re: Should login pages be protected by SSL?, Wolfgang Reder Re: [summary] Re: Should login pages be protected by SSL?, Michael Silk Re: Should login pages be protected by SSL?, Dave Ockwell-Jenner Re: Should login pages be protected by SSL?, Achim Hoffmann <= Re: Should login pages be protected by SSL?, Michael Silk Re: Should login pages be protected by SSL?, Andy bentley RE: Should login pages be protected by SSL?, Glenn Euloth Re: Should login pages be protected by SSL?, bluewizard83-de4gahsh Re: Should login pages be protected by SSL?, Peter Watkins Re: Should login pages be protected by SSL?, Kalyan Varma Re: Should login pages be protected by SSL?, Stefano Di Paola Re: Should login pages be protected by SSL?, Saqib Ali Message not available Re: Should login pages be protected by SSL?, Amir Herzberg Re: Should login pages be protected by SSL?, Saqib Ali

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Should login pages be protected by SSL?, Saqib Ali
Next by Date:	Re: [summary] Re: Should login pages be protected by SSL?, Ole Kasper Olsen
Previous by Thread:	Re: Should login pages be protected by SSL?, Dave Ockwell-Jenner
Next by Thread:	Re: Should login pages be protected by SSL?, Michael Silk
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: Should login pages be protected by SSL?, Saqib Ali

Next by Date:

Re: [summary] Re: Should login pages be protected by SSL?, Ole Kasper Olsen

Previous by Thread:

Re: Should login pages be protected by SSL?, Dave Ockwell-Jenner

Next by Thread:

Re: Should login pages be protected by SSL?, Michael Silk

Indexes:

[Date] [Thread] [Top] [All Lists]