WebApp Sec mailing list archives
RE: Should login pages be protected by SSL?
From: "Cowles, Robert D." <rdc () slac stanford edu>
Date: Tue, 21 Jun 2005 11:32:29 -0700
-----Original Message----- From: Glenn Euloth [mailto:eulothg () hfx eastlink ca]
You can't, however, expect your grandmother to properly configure her browser to be highly secure just to log in to a web-based forum where she can post her favourite blueberry pie recipe. If someone breaks into her account does it really matter? And why would someone bother in the first place? Where's the value in breaking in to such an account?
There may not be an advantage in breaking into that account but consider that when grandmother registered at the web site she probably picked the same userid and password and password hint as she has at lots of other sites .. some of which might be higher value (storing financial information like credit card numbers or banking information). In fact, it seems to be ignored that a wonderful way to collect userid/password combinations is just to put up a web site and ask people to register to access the content. I would be willing to be that a fairly high percentage of people don't take care to consistently use a different password, in any case, from the high-value sites. Bob Cowles
Current thread:
- Re: Should login pages be protected by SSL?, (continued)
- Re: Should login pages be protected by SSL? Achim Hoffmann (Jun 21)
- RE: Should login pages be protected by SSL? maburns (Jun 20)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Torsten Mueller (Jun 21)
- RE: Should login pages be protected by SSL? Almerindo Graziano (Jun 21)
- Webapp-level protection/detection of Pharming attacks WebAppSecurity [Technicalinfo.net] (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- RE: Should login pages be protected by SSL? Glenn Euloth (Jun 22)
- Re: Should login pages be protected by SSL? James Barkley (Jun 23)
- Re: Should login pages be protected by SSL? Saqib Ali (Jun 23)
- Re: Should login pages be protected by SSL? Eoin Keary (Jun 24)