Re: Passing data from a http page to https page. Is it secure?



Theoretically, yes, it's secure. However, what happens if at some point one
of the bad guys manages to modify your page during transmission and change
the post action to their own site? This couldn't happen if the page was
https to begin with. Many, many sites used to have this two-tier approach,
but more and more you'll find they're changing to be all https for the login
part.

Jevon


"PK" <someone@xxxxxxxxxxx> wrote in message
news:%235i5sPm6FHA.3876@xxxxxxxxxxxxxxxxxxxxxxx
> Hi All,
>
> Is it secure to post password data from a http page to an https web page?
> Can anyone use a sniffer to read the password. I have seen a couple of
> sites which have implemented similarly.
> Ex: Yahoo Login page has 2 modes Standard and Secure. When I checked the
> standard mode the login page was an http one, but the data is being posted
> to an https location something like this
> https://login.yahoo.com/config/login_verify2?
> and later it gets redirected to something like this
> http://my.yahoo.com/
>
> If it is posting to a https page in standard mode then what is the
> difference in secure and standard mode. oops!! I am kind of asking about
> yahoo's implementation. Its ok if someone answers my first question.
>
> Thanks
> -PK
>


.



Relevant Pages

  • LOGIN INFO secure at wwww.americanexpress.CA?
    ... secure page which causes the lock symbol to be displayed in the status ... That is the difference which caused the login page ... even though the page itself is not https. ... of a lock in the login region. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Secure Login Form
    ... HTTPS should definitely be used, this web form isn't secure otherwise ... I'd recommend php, as it's server side so you are processing ... login form. ...
    (Security-Basics)
  • Re: https-Question
    ... If the form is submitted to a HTTPS address then the form data will arrive securely, but there is another issue with using insecure login pages like this. ... It's good practice to have both the login page and the page you submit to fully secure ...
    (comp.infosystems.www.authoring.html)
  • Re: is this webpage secure?
    ... >> I am told by people in charge at the campus where I teach that this login ... >> page is secure, that the form login info is secure ... | via ssl, port 443). ... I just used Ethereal and the packet decode does show https to 199.17.13.240 ...
    (alt.computer.security)
  • Re: is this webpage secure?
    ... >> I am told by people in charge at the campus where I teach that this login ... >> page is secure, that the form login info is secure ... | via ssl, port 443). ... I just used Ethereal and the packet decode does show https to 199.17.13.240 ...
    (comp.os.linux.security)