Re: Passing data from a http page to https page. Is it secure?



Theoretically, yes, it's secure. However, what happens if at some point one
of the bad guys manages to modify your page during transmission and change
the post action to their own site? This couldn't happen if the page was
https to begin with. Many, many sites used to have this two-tier approach,
but more and more you'll find they're changing to be all https for the login
part.

Jevon


"PK" <someone@xxxxxxxxxxx> wrote in message
news:%235i5sPm6FHA.3876@xxxxxxxxxxxxxxxxxxxxxxx
> Hi All,
>
> Is it secure to post password data from a http page to an https web page?
> Can anyone use a sniffer to read the password. I have seen a couple of
> sites which have implemented similarly.
> Ex: Yahoo Login page has 2 modes Standard and Secure. When I checked the
> standard mode the login page was an http one, but the data is being posted
> to an https location something like this
> https://login.yahoo.com/config/login_verify2?
> and later it gets redirected to something like this
> http://my.yahoo.com/
>
> If it is posting to a https page in standard mode then what is the
> difference in secure and standard mode. oops!! I am kind of asking about
> yahoo's implementation. Its ok if someone answers my first question.
>
> Thanks
> -PK
>


.