Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password Security

Status
Not open for further replies.
Brit

Brit

Programmer
May 15, 2001
15
US
I have noticed a number of internet sites have the userid/password login screens on secure (https) pages while some sites have the login on a non-secure page that posts to a secure page. Is there a difference?

Does the browser encrypt all posts to secure pages even if the originating page is not secure?

Any help is appreciated.
 
Sort by date Sort by votes
Here is the deal.
If you have a login page (or any page for that matter) that is not a secure page, the browser sends the form information back to the server as plain text, regardless of what security is on the next page. That means that anyone on the same network using a packet sniffer can easily read the username/password straight out of the packet because it is not encrypted at all.
If the login page is secured, then the form info is sent encrypted and cannot be read.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Swi
  • Locked
  • Question
Password Saving
Replies
3
Views
127
ChrisHirst
ChrisHirst
EricBCA
  • Locked
  • Question
Is it possible for ASP to connect to SQL Server via ODBC without a password
Replies
1
Views
106
ChrisHirst
ChrisHirst
PaulSc
  • Locked
  • Question
Some help please - asp/javascript security
Replies
2
Views
129
BigRed1212
BigRed1212
wvdba
  • Locked
  • Question
URL parms security issue?
Replies
9
Views
135
vicvirk
vicvirk
fmrock
  • Locked
  • Question
Password Encryption + change every 90 Days 1
Replies
5
Views
134
vicvirk
vicvirk

Part and Inventory Search

Sponsor

Back
Top