Re: is this webpage secure? - Security

This is a discussion on Re: is this webpage secure? - Security ; Proteus wrote: > I am told by people in charge at the campus where I teach that this login > page is secure, that the form login info (username, password) is secure > when sent. But the browser page (Firefox, ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: is this webpage secure?

  1. Re: is this webpage secure?

    Proteus wrote:

    > I am told by people in charge at the campus where I teach that this login
    > page is secure, that the form login info (username, password) is secure
    > when sent. But the browser page (Firefox, Mandriva Linux) info says the
    > page is not encrypted, not secure. Can someone clarify how such a login
    > page can securely transmit the login info? Link to login page is below:
    > http://www.lsc.edu/Online/VirtualCampusLogin.cfm


    It's secure enough. The login is handled by a client side script that
    negotiates a connection to https://lsc.ims.mnscu.edu before the login form
    data is submitted.

    I suppose it might be a tad more secure to have the page that presents the
    login form sent securely because someone might be able to "man in the
    middle" attack that page, and replace the script with a bogus one, but if
    they have that ability it's not going to be much harder to just attack the
    whole HTTPS connection anyway.

    --
    _?_ Outside of a dog, a book is a man's best friend.
    (@ @) Inside of a dog, it's too dark to read.
    -oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
    grok! Registered Linux user #402208


  2. Re: is this webpage secure?

    Jeffrey F. Bloss wrote:
    > Proteus wrote:
    >
    >
    >>I am told by people in charge at the campus where I teach that this login
    >>page is secure, that the form login info (username, password) is secure
    >>when sent. But the browser page (Firefox, Mandriva Linux) info says the
    >>page is not encrypted, not secure. Can someone clarify how such a login
    >>page can securely transmit the login info? Link to login page is below:
    >>http://www.lsc.edu/Online/VirtualCampusLogin.cfm

    >
    >
    > It's secure enough. The login is handled by a client side script that
    > negotiates a connection to https://lsc.ims.mnscu.edu before the login form
    > data is submitted.
    >
    > I suppose it might be a tad more secure to have the page that presents the
    > login form sent securely because someone might be able to "man in the
    > middle" attack that page, and replace the script with a bogus one, but if
    > they have that ability it's not going to be much harder to just attack the
    > whole HTTPS connection anyway.
    >

    I missed the js login entry. All I noted was post method. Ignore my
    previous post, it apparently was in error.

    Winged

+ Reply to Thread