Basic password security question

Opa

Hi all,
I was asked today if setting textmode="password" of a textbox control
was secure over http. I assumed that the browser does encryption before
sending it over the wire. Why aren't most login screen forms sent over https?
Is my assumption about the browser providing encryption on special input
fields true? Can anyone explain?

Thanks,

Opa
 
Joe Kaplan

No. You should look at the wire traffic. That is just for the UI displayed
by the browser.

If you are doing a secure site where you will be collecting data like
passwords and potentially using cookies for authentication, you must use
SSL.

Joe K.
 
Opa

Hi Joe,

I will be securing the rest of my site with SSL, however I'm referring only
to my login page. A lot of sites, including my bank, have a login page
over http and once I am logged in, the remainder of the pages are over
https. How do they secure the password in that case?
 
Dominick Baier

Look at the pages - they (should) never post that form over HTTP - usually
the login form posts to an HTTPS address....

You need SSL - and if you have it for the rest of your site, why not for
your login page too?
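
Added example, not part of any post in this thread: a small Python check that finds each form containing a password input, resolves where it posts, and reports whether that target is HTTPS, plus the request body a browser builds from the fields. The host `example.test`, the field names and the function names are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin, urlsplit

class LoginFormAudit(HTMLParser):
    """Collect every <form> that contains an <input type="password">."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []   # (resolved post target, target_is_https)
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action inherits the scheme of the page itself.
            target = urljoin(self.page_url, a.get("action") or "")
            self._form = {"target": target, "has_password": False}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["has_password"]:
                target = self._form["target"]
                self.findings.append((target, urlsplit(target).scheme == "https"))
            self._form = None

def audit(page_url, html):
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def post_body(fields):
    # type="password" only masks the on-screen characters; the value is
    # placed in the request body like any other form field.
    return urlencode(fields)

# Constructed sample pages, both served from an http:// URL.
PAGE_URL = "http://example.test/login.aspx"
FIELDS = '<input name="user" type="text" /><input name="pwd" type="password" />'
FORM_POSTBACK = '<form method="post" action="login.aspx">' + FIELDS + "</form>"
FORM_TO_HTTPS = ('<form method="post" action="https://example.test/login.aspx">'
                 + FIELDS + "</form>")

if __name__ == "__main__":
    print(audit(PAGE_URL, FORM_POSTBACK))
    print(audit(PAGE_URL, FORM_TO_HTTPS))
    print(post_body({"user": "opa", "pwd": "s3cret"}))
```

A form that passes this check on a page served over HTTP still depends on the page arriving unmodified, since the markup that names the HTTPS target travelled unprotected; serving the login page itself over HTTPS removes that dependency.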
 
