
rizwan602

join:2004-03-20
Gilbert, AZ

Web site encryption

Hello,

From time to time I go to web sites that require a login/password to access my account.

Some of these sites are already 'encrypted' with an https:// url and some are not.

For example, America West Airlines web site www.usairways.com/awa/ has a sign in on their home page but the page itself is not secure. Once I am signed in, the web site is still 'not secure' with an http:// address. But when I click a 'sensitive' link like "My account information" or "My Miles" inside the web site then I am redirected to an https:// url.

This concerns me because I think that the sign in that I perform on their home page is not secure and any information I type in is transmitted without any sort of encryption meaning that anyone who can intercept this information can sign on to my account and view all my credit cards, and other personal information.

Am I missing something, or have these web sites figured out a way to encrypt data that they ask for (without the https:// url) internally within the html code that they present on the sign on screen?

Any help/suggestions and information about this is highly appreciated!

Thanks!

Rizwan


justin
Australian
join:1999-05-28
New York, NY
kudos:7

We have one of those as well
»/login?secure=1

The FORM has an HTTPS target, so your name and password are encrypted when they are sent, but the site continues to function as http:

http (load page)
https (post form and set cookie and receive redirection)
http (welcome page)



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

reply to rizwan602
I can't check, since I don't have an account there. But the chances are that it is okay.

The typical way of logging in to a web site is:
1: the website provides a page where you can enter login info
2: your info is sent to the site, typically to a cgi script, for verification
3: you are presented with a generic member page with no personal data but with menus.

Of these, it is normally only step 2 that needs to be encrypted. It may be reassuring to you that steps 1 and 3 are also encrypted. However, that proves nothing. It is quite possible for an incompetent page designer to make steps 1 and 3 encrypted, but to have you send your password unencrypted in step 2.

For the important sites I use, step 2 is always encrypted. Connecting to a forum such as DSLR does not count as important (sorry, Justin). Bank sites, insurance sites, credit card sites do count as important.

In my case, I know it is done correctly, because Firefox tells me about it at each step. This admittedly results in lots of pointless warnings from Firefox, but I put up with those so I can check the important cases.


OZO
Premium
join:2003-01-17
kudos:2

reply to rizwan602

said by rizwan602:

This concerns me because I think that the sign in that I perform on their home page is not secure and any information I type in is transmitted without any sort of encryption meaning that anyone who can intercept this information can sign on to my account and view all my credit cards, and other personal information.
I share your concern here. The login page is not secure and the FORM tag doesn't reference any https: protocol, meaning that your username/password are sent without proper encryption, with all the consequences that follow.
Bad practice...
--
Keep it simple, it'll become complex by itself...
