WebApp Sec mailing list archives

Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

From: mike03051 () yahoo com
Date: 19 Sep 2005 12:19:12 -0000


Amir,

I visted your web site. IMHO, This issue you bring up is worthy of debate within this forum. 

I could be mistaken but I think that many sites you list do really implement SSL (https) secure logon. For example, you 
list Smith Barney. One accesses their site using HTTP, but their form is implemented using HTTPS.

Now the way I understand this should work is that the form target is a POST to https://url.com. The browsers is then 
required to open an SSL connection to the server and send the form data through the encrypted channel.

Maybe you or someone on this forum can confirm or correct my understanding.

Mike Peters





I have not looked at all of your hall of shame sites listed there, but for many

Current thread:

Defending users of unprotected login pages with TrustBar 0.4.9.93 Amir Herzberg (Sep 19)
- <Possible follow-ups>
- Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 mike03051 (Sep 19)
  - Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 Nathan Jackson-Eeles (Sep 19)
- Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 J. Lambrecht (Sep 19)
- Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 mike03051 (Sep 19)
  - Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 Peter Conrad (Sep 20)
- Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 mike03051 (Sep 20)