|
-
May 22nd, 2008 04:35 PM
#1
Quick HTTPS question
Quick question: I have this guy claiming that Chase's online banking is insecure, because it's an http page and not an https page (http://www.chase.com), and that "you can login on an unsecure page" (sic).
I could be totally wrong here, but that's not an issue, is it? I would think that as soon as you hit the Log On button, an SSL or TLS session is set up, and that session is used to send the username and password. The fact that the session is only set up when you hit Log On (and not before you even start filling out your username and password) is insignificant, no? In both cases, the username and password are sent over a (secure) SSL connection, so what's the problem?
Similar Threads
-
By DerekK in forum Network Security Discussions
Replies: 4
Last Post: September 10th, 2004, 10:35 PM
-
By NetSec in forum *nix Security Discussions
Replies: 2
Last Post: September 25th, 2002, 01:02 AM
-
By roswell1329 in forum *nix Security Discussions
Replies: 2
Last Post: September 13th, 2002, 10:18 PM
-
By Obliterate in forum Newbie Security Questions
Replies: 16
Last Post: August 26th, 2002, 10:44 AM
-
By lewzer in forum Newbie Security Questions
Replies: 3
Last Post: August 7th, 2002, 03:07 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
Forum Rules
|
|
Reply With Quote
Bookmarks