|
|
Posted by Benjamin Niemann on 11/28/05 12:39
Sparticus wrote:
> Hmm... so if that's the case, then when I click 'submit' on the
> website, the website must see that the form 'action' is a secure site.
> So when it see's this, it then makes a secure connection with that
> site... then it sends over the encrypted data?
>
> can anyone else verify this is how it works?
Yep, I do ;)
> I need to know because I
> am making a website that needs to have the password sent via a html
> form secure.
>
> I noticed when you go to bank websites, or even gmail (google's mail)
> the login page is already a secure site.
>
> That's why I'm wondering if there is something I'm missing.
If the page containing the form is served using HTTPS, the user can see this
(lock icon). The user won't see how his data is sent after submitting the
form (some browsers tell you about it "... you are sending data
unencrypted..." - but this message can be disabled) - a 'lock icon' for
submit buttons might be a nice idea, but you'll have to tell this to
browser manufacturers...
User may feel more secure, if the document with the form has 'lock icon' -
but thinking that this implies that their data is sent securely is wrong.
You should tell the users that their data is sent encrypted (some people
think the 'lock icon' does this job, but this is wrong as said above) -
they have to trust you anyway, unless they analyse the document source
themselves.
--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/
Navigation:
[Reply to this message]
|