WebApp Sec mailing list archives

Re: Growing Bad Practice with Login Forms

From: Merlijn Tishauser <merlijn () begeleidingentraining nl>
Date: Tue, 27 Jul 2004 18:13:39 +0200


On 27-jul-04, at 17:08, Dan C Crawford wrote:

I just ran a packet capture of logging into a service that uses anearly
identical form as found on ISACA. It definitely setup the secure SSL
connection prior to transmitting my logon data.


I had to design my own loginform couple of weeks ago.
I was puzzled by the same question as the original poster was.

But I totally agree with the sender above.
I set up ethereal on both my webserver as on a client.

Er was absolutely no exchange of login data before the SSL handshake orafter cancellation of the transaction.



my 0.02 cents

Merlijn

Current thread:

Re: Growing Bad Practice with Login Forms, (continued)
- Re: Growing Bad Practice with Login Forms Ian (Jul 27)
  - RE: Growing Bad Practice with Login Forms Dan C Crawford (Jul 27)
    - successful anonymous login Jose Rivera (Jul 27)
    - Re: successful anonymous login Adam Tuliper (Jul 27)
    - RE: successful anonymous login Jose Rivera (Jul 27)
    - Re: successful anonymous login Adam Tuliper (Jul 27)
    - RE: successful anonymous login Jose Rivera (Jul 27)
    - RE: successful anonymous login dave kleiman (Jul 27)
    - RE: successful anonymous login Yaakov Yehudi (Jul 28)
    - RE: successful anonymous login V. Poddubnyy (Jul 27)
    - Re: Growing Bad Practice with Login Forms Merlijn Tishauser (Jul 27)
    - RE: Growing Bad Practice with Login Forms Mark Curphey (Jul 27)
- Re: Growing Bad Practice with Login Forms Rogan Dawes (Jul 27)
- Re: Growing Bad Practice with Login Forms Andrew Steingruebl (Jul 27)
- RE: Growing Bad Practice with Login Forms Thomas Schreiber (Jul 27)
  - RE: Growing Bad Practice with Login Forms Yvan Boily (Jul 27)
    - Re: Growing Bad Practice with Login Forms Toro, Daniel (Jul 27)
    - Re: Growing Bad Practice with Login Forms Jason Coombs PivX Solutions (Jul 27)
    - Re: Growing Bad Practice with Login Forms Stephen de Vries (Jul 28)
    - Re: Growing Bad Practice with Login Forms Jason Coombs PivX Solutions (Jul 29)
    - Re: Growing Bad Practice with Login Forms David Wall @ Yozons, Inc. (Jul 29)

(Thread continues...)