WebApp Sec mailing list archives
Re: Growing Bad Practice with Login Forms
From: Merlijn Tishauser <merlijn () begeleidingentraining nl>
Date: Tue, 27 Jul 2004 18:13:39 +0200
On 27-jul-04, at 17:08, Dan C Crawford wrote:
I just ran a packet capture of logging into a service that uses a nearlyidentical form as found on ISACA. It definitely setup the secure SSL connection prior to transmitting my logon data.
I had to design my own loginform couple of weeks ago. I was puzzled by the same question as the original poster was. But I totally agree with the sender above. I set up ethereal on both my webserver as on a client.Er was absolutely no exchange of login data before the SSL handshake or after cancellation of the transaction.
my 0.02 cents Merlijn
Current thread:
- Re: Growing Bad Practice with Login Forms, (continued)
- Re: Growing Bad Practice with Login Forms Ian (Jul 27)
- RE: Growing Bad Practice with Login Forms Dan C Crawford (Jul 27)
- successful anonymous login Jose Rivera (Jul 27)
- Re: successful anonymous login Adam Tuliper (Jul 27)
- RE: successful anonymous login Jose Rivera (Jul 27)
- Re: successful anonymous login Adam Tuliper (Jul 27)
- RE: successful anonymous login Jose Rivera (Jul 27)
- RE: successful anonymous login dave kleiman (Jul 27)
- RE: successful anonymous login Yaakov Yehudi (Jul 28)
- RE: Growing Bad Practice with Login Forms Dan C Crawford (Jul 27)
- Re: Growing Bad Practice with Login Forms Ian (Jul 27)
- RE: successful anonymous login V. Poddubnyy (Jul 27)
- Re: Growing Bad Practice with Login Forms Merlijn Tishauser (Jul 27)
- RE: Growing Bad Practice with Login Forms Mark Curphey (Jul 27)
- RE: Growing Bad Practice with Login Forms Yvan Boily (Jul 27)
- Re: Growing Bad Practice with Login Forms Toro, Daniel (Jul 27)
- Re: Growing Bad Practice with Login Forms Jason Coombs PivX Solutions (Jul 27)
- Re: Growing Bad Practice with Login Forms Stephen de Vries (Jul 28)
- Re: Growing Bad Practice with Login Forms Jason Coombs PivX Solutions (Jul 29)
- Re: Growing Bad Practice with Login Forms David Wall @ Yozons, Inc. (Jul 29)