Re: is this webpage secure? - Security

This is a discussion on Re: is this webpage secure? - Security ; On Tue, 29 Nov 2005 11:12:05 -0600, Proteus wrote: >I am told by people in charge at the campus where I teach that this login >page is secure, that the form login info (username, password) is secure >when sent. But ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Re: is this webpage secure?

  1. Re: is this webpage secure?

    On Tue, 29 Nov 2005 11:12:05 -0600, Proteus
    wrote:

    >I am told by people in charge at the campus where I teach that this login
    >page is secure, that the form login info (username, password) is secure
    >when sent. But the browser page (Firefox, Mandriva Linux) info says the
    >page is not encrypted, not secure. Can someone clarify how such a login
    >page can securely transmit the login info? Link to login page is below:
    >http://www.lsc.edu/Online/VirtualCampusLogin.cfm


    Some times the page has to be opened in a new window to see the actual
    encrypted (SSL) page, but it all depends on how the set up is made, if
    you open in a new window and you don't see the SSL, I wouldn't trust
    it.

    Regards
    >



  2. Re: is this webpage secure?

    On Wed, 30 Nov 2005 23:52:52 -0800, traveler
    wrote:

    >On Tue, 29 Nov 2005 11:12:05 -0600, Proteus
    >wrote:
    >
    >>I am told by people in charge at the campus where I teach that this login
    >>page is secure, that the form login info (username, password) is secure
    >>when sent. But the browser page (Firefox, Mandriva Linux) info says the
    >>page is not encrypted, not secure. Can someone clarify how such a login
    >>page can securely transmit the login info? Link to login page is below:
    >>http://www.lsc.edu/Online/VirtualCampusLogin.cfm

    >
    >Some times the page has to be opened in a new window to see the actual
    >encrypted (SSL) page, but it all depends on how the set up is made, if
    >you open in a new window and you don't see the SSL, I wouldn't trust
    >it.


    Its badly designed as although it is secure, it does not look that way
    to the user.
    --
    Jim Watt
    http://www.gibnet.com

  3. Re: is this webpage secure?

    traveler writes:

    >On Tue, 29 Nov 2005 11:12:05 -0600, Proteus
    >wrote:


    >>I am told by people in charge at the campus where I teach that this login
    >>page is secure, that the form login info (username, password) is secure
    >>when sent. But the browser page (Firefox, Mandriva Linux) info says the
    >>page is not encrypted, not secure. Can someone clarify how such a login
    >>page can securely transmit the login info? Link to login page is below:
    >>http://www.lsc.edu/Online/VirtualCampusLogin.cfm


    >Some times the page has to be opened in a new window to see the actual
    >encrypted (SSL) page, but it all depends on how the set up is made, if
    >you open in a new window and you don't see the SSL, I wouldn't trust
    >it.


    Here is the line

    width="250"> action="https://lsc.ims.mnscu.edu/d2l/Tools/login/doLogin.asp"
    method="post" name="processLogonForm">
    for="userName">Username:   name="userName" size="10"/>

    for="password">Password:    name="password" size="10" type="password"/>

    type="submit"/>



    (all one line in the original). I do not know if the data gets sent to
    that https://lsc.ims.mnscu.edu/d2l/Tools/login/doLogin.asp page before of after https is invoked.


    >Regards
    >>



  4. Re: is this webpage secure?

    "Unruh" wrote in message
    news:dmnav9$t7u$2@nntp.itservices.ubc.ca

    > Here is the line
    >
    > > width="250"> > action="https://lsc.ims.mnscu.edu/d2l/Tools/login/doLogin.asp"
    > method="post" name="processLogonForm">
    > for="userName">Username:   > name="userName" size="10"/>

    > for="password">Password:    > id="password"
    > name="password" size="10" type="password"/>

    > name="Login" type="submit"/>
    > class="toplinks"> > href="login.cfm">having problems?


    >
    >

    > (all one line in the original). I do not know if the data gets sent
    > to that https://lsc.ims.mnscu.edu/d2l/Tools/login/doLogin.asp
    > page before of after https is invoked.


    Ethereal shows quite plainly that the data are sent after the https (SSL) is
    invoked, but the data are NOT (repeat NOT) encrypted. They are sent as clear
    text userName/password to port 443 of the https server.


  5. Re: is this webpage secure?

    On 2005-12-01, Jim Watt wrote:
    > On Wed, 30 Nov 2005 23:52:52 -0800, traveler
    > wrote:
    >
    >>On Tue, 29 Nov 2005 11:12:05 -0600, Proteus
    >>wrote:
    >>
    >>>I am told by people in charge at the campus where I teach that this login
    >>>page is secure, that the form login info (username, password) is secure
    >>>when sent. But the browser page (Firefox, Mandriva Linux) info says the
    >>>page is not encrypted, not secure. Can someone clarify how such a login
    >>>page can securely transmit the login info? Link to login page is below:
    >>>http://www.lsc.edu/Online/VirtualCampusLogin.cfm

    >>
    >>Some times the page has to be opened in a new window to see the actual
    >>encrypted (SSL) page, but it all depends on how the set up is made, if
    >>you open in a new window and you don't see the SSL, I wouldn't trust
    >>it.

    >
    > Its badly designed as although it is secure, it does not look that way
    > to the user.


    Could https://lsc.ims.mnscu.edu/ be used as an alternative and would
    that be safer?

    --
    -!-

+ Reply to Thread