开发者

If I submit a form to a HTTPS URL from a HTTP URL, will the form data be encrypted?

I'm about to encrypt my 开发者_JAVA技巧website's login form and I was wondering if the user logging in needs to land on the login form at a HTTPS URL, or whether the form data can be posted to a HTTPS url from a HTTP url and still be encrypted?


Yes, the login data is encrypted, but there is no obvious way for the user to know this. It also leaves users open to a man-in-the-middle attack because an attacker could simply change where the form posts to.

For a site that really needs security, it is highly recommend that you require https on any login page.


Yes, it will be encrypted. The URL of the page from which the form is submitted doesn't matter, only the form target URL.

One thing to note, though, is that some browsers (IE 6, at least) will warn the user when submitting a secure form from an insecure page. Why that requires a warning and what the user is supposed to do about it, I have no idea, but it can confuse people (if they bother to read the warning).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜