In article <1173978867.536481.206180@d57g2000hsg.googlegroups.com>,
caolla@hotmail.com wrote:
> Hi all!
>
> I'd like some advice about SSL and HTTPS.
> Could someone tell me the difference in security between these
> cases:
>
> Let's take the yahoo mail example :
>
> 1. From a local html page on his hard drive, a user sends his id/pwd
> through a form like this <form action="https://... method="post" ...
>
> that is similar to the real one on Yahoo mail login page.
>
> 2. The same but done directly from the https yahoo site.
>
> Am I wrong if I say that case 1 is not secure?
>
> Am I wrong if I say that before considering the transaction as secure,
> the client has to be connected first one time to the server? This
> allows the client to check the certificate, to use it to create a
> session key that is then sent to the server? Could this process be
> done in case 1?
>
> Thanks a lot in advance!!!

You're wrong. Every HTTP or HTTPS connection is independent, and the
certificate is checked each time you make a new HTTPS connection. It
doesn't matter where you came from.
--
Barry Margolin,
barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
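
An added example, not part of the original thread: it takes a locally saved login form (case 1 in the question), lets Python's `ssl` module start the HTTPS connection the form's `action` would trigger, and shows that only a TLS ClientHello for that host reaches the wire, with the credentials held back until the handshake, which includes the certificate check, completes. The host `login.example.test`, the form and the credentials are constructed placeholders; no network access is needed because the TLS client writes into an in-memory buffer.

```python
import ssl
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a login form saved to local disk (case 1 in the question).
# login.example.test is a placeholder host, not a real service.
LOCAL_FORM = '''
<form action="https://login.example.test/auth" method="post">
  <input name="id"><input name="pwd" type="password">
</form>
'''

class FormAction(HTMLParser):
    """Collect the action URL of the first <form> on the page."""
    def __init__(self):
        super().__init__()
        self.action = None

    def handle_starttag(self, tag, attrs):
        if tag == "form" and self.action is None:
            self.action = dict(attrs).get("action")

def first_flight(html, body):
    """Return (target host, the first bytes the client would put on the wire)."""
    parser = FormAction()
    parser.feed(html)
    url = urlsplit(parser.action)
    if url.scheme != "https":
        raise ValueError("form does not submit over HTTPS")
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # The name the certificate must match comes from the form's action URL,
    # not from wherever the HTML page itself was loaded.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=url.hostname)
    try:
        tls.write(body)  # attempt to send the credentials immediately
    except ssl.SSLWantReadError:
        pass  # refused for now: the handshake has to finish first
    return url.hostname, outgoing.read()

if __name__ == "__main__":
    host, wire = first_flight(LOCAL_FORM, b"id=alice&pwd=constructed-secret")
    print(host, "record type", hex(wire[0]), "bytes queued", len(wire))
```
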