Must logins be a https page
November 29, 2010
Posted by forumadmin
Several security experts have said in the past that the login page should be on SSL (https). So what if my login is a block that’s displayed on all pages? Does that mean that my entire website has to be https?
I read it’s possible to put the form on http but post it to https, but I read someone saying that it can be exploited with a man-in-the-middle attack. Can someone confirm this? I have a 100 point bounty for someone who can confirm this (and help me with a practical answer on how to securely solve this). My login form is on every page; do I need to put the whole website on https? Please feel free to question anything I said here. They’re only things I read; I don’t have experience with them and didn’t try them myself.
Edit: to those who asked, when I was posting the question, I tried setting the bounty but the system wouldn’t let me. I checked the FAQ and saw that a bounty can be posted 2 days after posting the question. That’s why you see no bounty yet. But I will not select an answer until I set a bounty in 2 days. Sorry for any confusion.