How login works on web pages
I want to know how login works on web pages in detail.
Questions:
What happens when we use the POST method? Is all the data encrypted before being sent over the internet? Can someone extract the information before it goes to the web server? How is POST implemented?
How does a password field work on a form, especially on a login page? Are all the characters entered in the password field encrypted before being sent to the server?
As a developer, can I read the password field using ASP or CGI?
How do I trust that e.g. a banking site developer or implementer cannot read my password using any code?
1-2) When using regular HTTP, nothing is encrypted when you use an HTML form to transmit a password. Password fields behave differently from regular text fields only in the browser UI (e.g. their contents are starred out). When posting, the contents of a password field are treated the same as those of a regular text field.
Everyone with access to the network infrastructure has the chance to capture your password when it is transmitted over the wire using regular HTTP. You can gain security on the wire by communicating via HTTPS instead of HTTP, which secures everything using TLS and thereby makes it impossible for attackers to sniff passwords. This is why HTML login forms should always post via HTTPS.
3) Yes, pretty much every scripting framework provides a method to retrieve parameters submitted via POST.
4) You can't. Even when using HTTPS, the encryption's endpoints are the user's browser and the web server. The script which is running inside the web server and receives the POST request receives the password unencrypted. So, you have no choice but to trust your bank's software development.
What happens when we use the POST method? Is all the data encrypted before being sent over the internet? Can someone extract the information before it goes to the web server? How is POST implemented?
POST sends data in the body of the HTTP request instead of in the URL. No encryption takes place.
Use HTTPS (HTTP with SSL) for encryption.
How does a password field work on a form, especially on a login page? Are all the characters entered in the password field encrypted before being sent to the server?
A password field works exactly like a text field, except it shows placeholder characters to defend against looking-over-the-shoulder attacks.
As a developer, can I read the password field using ASP or CGI?
Yes
How do I trust that e.g. a banking site developer or implementer cannot read my password using any code?
There are legal requirements to protect passwords.
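As an added example (not part of either answer above), this Python sketch builds the request a browser sends for a login form over plain HTTP and then parses it the way a server-side script would, showing that the password field travels in the body as ordinary percent-encoded text. The host `bank.example`, the path `/login` and the field values are constructed for illustration.

```python
from urllib.parse import urlencode, parse_qs


def build_login_post(host, path, fields):
    """Serialize form fields as a browser does for <form method="post"> over plain HTTP."""
    body = urlencode(fields).encode("ascii")  # percent-encoding only, no encryption
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    ).encode("ascii")
    return head + body


def parse_post(raw):
    """Recover what a server-side script (ASP, CGI, ...) is handed: target, headers, form."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    decoded = parse_qs(body[:length].decode("ascii"), keep_blank_values=True)
    # Every field, password included, comes back as a plain string.
    form = {key: values[0] for key, values in decoded.items()}
    return method, target, headers, form


# Constructed sample input: the password deliberately contains form metacharacters.
SAMPLE_FIELDS = {"username": "alice", "password": "correct horse&battery=1"}
WIRE = build_login_post("bank.example", "/login", SAMPLE_FIELDS)

if __name__ == "__main__":
    print(WIRE.decode("ascii"))  # the bytes visible on the network without TLS
    print(parse_post(WIRE))      # what the login script receives
```

With HTTPS the same bytes are wrapped in TLS between browser and web server, but `parse_post` on the server side still sees the identical cleartext form.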