Web Page Security ? - Mozilla

This is a discussion on Web Page Security ? - Mozilla ; This might be the wrong place, but since I'm using SM 1.1.2... The log in web page for my bank does not look secure to me. It's URL begins with 'http:', not 'https:' and the lock in the lower right ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Web Page Security ?

  1. Web Page Security ?

    This might be the wrong place, but since I'm using SM 1.1.2...

    The log in web page for my bank does not look secure to me. It's URL
    begins with 'http:', not 'https:' and the lock in the lower right is
    not locked. It does have a lock above the userid box and clicking on
    this lock opens a new box with this message:

    Online Security

    Secure homepage login
    The privacy and security of your personal information online is highly
    important to us. When you login to OnLine Access on our home page, we
    secure your ID and password through the use of Secure Sockets Layer
    (SSL) technology. We encrypt your User ID and password to ensure your
    information is unreadable as it passes over the Internet.


    I've written the bank asking about this and their response is "it's
    secure." Can a page without the 'https:' and locked lock that asks
    for information still be secure?

    Many thanks for any information.


  2. Re: Web Page Security ?

    nr wrote:
    > Can a page without the 'https:' and locked lock that asks
    > for information still be secure?


    Sure, if the information is sent to a secure site (https), your
    credentials are submitted securely. You could verify that prior to
    submitting the form by viewing the HTML source of the page. Having the
    login page within the secure zone has little benefit from a technical
    point of view. It only gives better feedback to the user since the
    average browser (with default settings) will warn you if you leave the
    secure zone.

    Greetings,

    Jens

    --
    Jens Hatlak
    SeaMonkey Trunk Tracker

  3. Re: Web Page Security ?

    On 7/17/2007 11:17 AM, nr wrote:
    > This might be the wrong place, but since I'm using SM 1.1.2...
    >
    > The log in web page for my bank does not look secure to me. It's URL
    > begins with 'http:', not 'https:' and the lock in the lower right is
    > not locked. It does have a lock above the userid box and clicking on
    > this lock opens a new box with this message:
    >
    > Online Security
    >
    > Secure homepage login
    > The privacy and security of your personal information online is highly
    > important to us. When you login to OnLine Access on our home page, we
    > secure your ID and password through the use of Secure Sockets Layer
    > (SSL) technology. We encrypt your User ID and password to ensure your
    > information is unreadable as it passes over the Internet.
    >
    >
    > I've written the bank asking about this and their response is "it's
    > secure." Can a page without the 'https:' and locked lock that asks
    > for information still be secure?
    >
    > Many thanks for any information.
    >


    By any chance, do you bank at California Oaks State Bank? See my
    .

    CalOaks' Web developer (an outside service) claims that the use of a
    secure JavaScript interface provides security. That is strongly
    debatable.

    Since CalOaks split the password input from the user ID input onto
    separate pages, the password is now input on a secure HTTPS page.

    I've never really felt that user IDs were secure. Instead, I've focused
    on the security of my passwords. This is apparently echoed in the
    design of SeaMonkey's Password Manager, which freely displays user IDs
    but requires my master password before it will display my passwords.

    --

    David E. Ross
    .

    Anyone who thinks government owns a monopoly on inefficient, obstructive
    bureaucracy has obviously never worked for a large corporation. 1997

  4. Re: Web Page Security ?

    nr wrote:
    > This might be the wrong place, but since I'm using SM 1.1.2...
    >
    > The log in web page for my bank does not look secure to me. It's URL
    > begins with 'http:', not 'https:' and the lock in the lower right is
    > not locked. It does have a lock above the userid box and clicking on
    > this lock opens a new box with this message:
    >
    > Online Security
    >
    > Secure homepage login
    > The privacy and security of your personal information online is highly
    > important to us. When you login to OnLine Access on our home page, we
    > secure your ID and password through the use of Secure Sockets Layer
    > (SSL) technology. We encrypt your User ID and password to ensure your
    > information is unreadable as it passes over the Internet.
    >
    >
    > I've written the bank asking about this and their response is "it's
    > secure." Can a page without the 'https:' and locked lock that asks
    > for information still be secure?
    >
    >

    BEWARE!

+ Reply to Thread