Thread: Is that secure : <form action="https" from a local HTML page ?
View Single Post
  #5 (permalink)  
Old 03-16-2007, 07:27 PM
Volker Birk
Guest
  
Posts: n/a
Default Re: Is that secure : <form action="https" from a local HTML page ?
caolla@hotmail.com wrote:
> In standard mode, the current page use HTTP but the action of the
> HTML form where you type your password directs you on a HTTPS page.
> So, is this secure or not ?

If you have a well checked HTTPS connection to your password form,
_before_ you're entering a password in it, you don't need to read
the HTML source code of the page to be safe from being attacked
by a MITM.

If you don't have such a well checked HTTPS connection but plain HTTP
over TCP, then you need to check the HTML source code first each time
you're wanting to use the password form. Only then you can be sure that
there is the right target URL in the form.

Yours,
VB.
--
"Terror eignet sich mehr als irgendeine andere militärische Strategie dazu, die
Bevölkerung zu manipulieren."
(Dr. Daniele Ganser, 2005)
<http://www.php.isn.ethz.ch/collections/colltopic.cfm?lng=en&id=15301>

Reply With Quote