WebApp Sec mailing list archives

Re: Should login pages be protected by SSL?

From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 21 Jun 2005 07:15:08 -0700

In my opinion protecting the login using SSL is  a good idea, and I do
it myself. However it does not prevent from phishing etc. A phishing
site owner can easily get a SSL protected website as well.

I think a better approach is to use Netcraft Anti-Phishing toolbar <
http://toolbar.netcraft.com/ >

It clearly displays sites' hosting location, including country,
helping you to evaluate fraudulent urls (e.g. the real citibank.com or
barclays.co.uk sites are unlikely to be hosted in the former Soviet
Union).

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/

Current thread:

Re: [summary] Re: Should login pages be protected by SSL?, (continued)
- - - Re: [summary] Re: Should login pages be protected by SSL? Michael Silk (Jun 24)
    - Re: Should login pages be protected by SSL? Dave Ockwell-Jenner (Jun 22)
    - Re: Should login pages be protected by SSL? Achim Hoffmann (Jun 23)
- Re: Should login pages be protected by SSL? Michael Silk (Jun 20)
- Re: Should login pages be protected by SSL? Andy bentley (Jun 20)
  - RE: Should login pages be protected by SSL? Glenn Euloth (Jun 21)
- Re: Should login pages be protected by SSL? bluewizard83-de4gahsh (Jun 21)
  - Re: Should login pages be protected by SSL? Peter Watkins (Jun 21)
- Re: Should login pages be protected by SSL? Kalyan Varma (Jun 21)
- Re: Should login pages be protected by SSL? Stefano Di Paola (Jun 21)
- Re: Should login pages be protected by SSL? Saqib Ali (Jun 21)
- Message not available
  - Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
    - Re: Should login pages be protected by SSL? Saqib Ali (Jun 21)
    - Re: Should login pages be protected by SSL? Ian Rogers (Jun 21)
    - Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
    - Re: Should login pages be protected by SSL? Achim Hoffmann (Jun 21)
- RE: Should login pages be protected by SSL? maburns (Jun 20)
  - Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
    - Re: Should login pages be protected by SSL? Torsten Mueller (Jun 21)
    - RE: Should login pages be protected by SSL? Almerindo Graziano (Jun 21)
    - Webapp-level protection/detection of Pharming attacks WebAppSecurity [Technicalinfo.net] (Jun 21)

(Thread continues...)