[7518] in cryptography@c2.net mail archive
Re: https / http
daemon@ATHENA.MIT.EDU (Brian Caswell)
Fri Jul 21 11:04:16 2000
Message-ID: <39783E37.E6FE98CF@mitre.org>
Date: Fri, 21 Jul 2000 08:12:39 -0400
From: Brian Caswell <bmc@mitre.org>
MIME-Version: 1.0
To: SteveC <steve@fractalus.com>
Cc: cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
SteveC wrote:
>
> I was looking at www.barclaycard.co.uk and trying to logon today when
> internet explorer said "show the non secure stuff?" and I said no. the
> actual login/password bit then dissapeared.
>
> I assume this meant the pretty graphics were https secure but the actual
> login wasn't?
>
> So how can I be absolutely sure a http request is secure?
>
> A quick look at the html, and I couldn't see why it should not be https.
>
> SteveC steve@fractalus.com icq #14047829
> www.fractalus.com/fracsaver
I would take a look at how the actual <form> is generated.
if the action is pointing to some https webserver, then the username and
password
should be encrypted.
most likely what is happening is that the html that you enter in your
user info
into is on a non ssl webserver, while the actual authentication is.
--
Brian Caswell
