WebApp Sec mailing list archives
Re: Must we authenticate login forms (using SSL?)?
From: info () biledge com
Date: Thu, 29 Sep 2005 11:03:06 +0300
hi, we do authenticate login forms with SSL or not, UAE (users are everywhere) is the valid one, the attack is unavoidable. kind of hit-and-hide game. then MITM is also = UITM. if we can create a 'secure system' among all servers in the world, then we may provide security. but if clauses are jokers sometimes, i think it is better to prefer the identity based security systems. you can have SSL but user may not use https. if servers can control the use of https, then i think things would be different in terms of security (now i feel very insecure !).. i am just thinking though.. regards, billur c.
Current thread:
- Must we authenticate login forms (using SSL?)? Amir Herzberg (Sep 28)
- <Possible follow-ups>
- Re: Must we authenticate login forms (using SSL?)? info (Sep 29)
- Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 29)
- RE: Must we authenticate login forms (using SSL?)? Nathaniel S. H. Brown (Sep 29)
- Re: Must we authenticate login forms (using SSL?)? Peter Conrad (Sep 30)
- RE: Must we authenticate login forms (using SSL?)? Nathaniel S. H. Brown (Sep 30)
- Re: Must we authenticate login forms (using SSL?)? Rogan Dawes (Sep 30)
- Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 30)
- Re: Must we authenticate login forms (using SSL?)? Eoin Keary (Sep 30)
- Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 30)
- Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 29)