WebApp Sec mailing list archives

Re: Must we authenticate login forms (using SSL?)?

From: info () biledge com
Date: Thu, 29 Sep 2005 11:03:06 +0300

hi,

we do authenticate login forms with SSL or not, UAE (users  are everywhere) is
the valid one, the attack is unavoidable. kind of hit-and-hide game. then MITM is also = UITM.

if we can create a 'secure system' among all servers in the world, then we may provide
security. but if clauses are jokers sometimes, i think it is better to prefer the identity based 
security systems. you can have SSL but user may not use https. if servers can control the use 
of https, then i think things would be different in terms of security (now i feel very insecure !)..
i am just thinking though..

regards,

billur c.

Current thread:

Must we authenticate login forms (using SSL?)? Amir Herzberg (Sep 28)
- <Possible follow-ups>
- Re: Must we authenticate login forms (using SSL?)? info (Sep 29)
  - Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 29)
    - RE: Must we authenticate login forms (using SSL?)? Nathaniel S. H. Brown (Sep 29)
    - Re: Must we authenticate login forms (using SSL?)? Peter Conrad (Sep 30)
    - RE: Must we authenticate login forms (using SSL?)? Nathaniel S. H. Brown (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Rogan Dawes (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Eoin Keary (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 30)
- Re: Must we authenticate login forms (using SSL?)? mike03051 (Sep 29)