|
-
May 22nd, 2008, 04:35 PM
#1
Quick HTTPS question
Quick question: I have this guy claiming that Chase's online banking is insecure, because it's an http page and not an https page (http://www.chase.com), and that "you can login on an unsecure page" (sic).
I could be totally wrong here, but that's not an issue, is it? I would think that as soon as you hit the Log On button, an SSL or TLS session is set up, and that session is used to send the username and password. The fact that the session is only set up when you hit Log On (and not before you even start filling out your username and password) is insignificant, no? In both cases, the username and password are sent over a (secure) SSL connection, so what's the problem?
Similar Threads
-
By DerekK in forum Network Security Discussions
Replies: 4
Last Post: September 10th, 2004, 10:35 PM
-
By Obliterate in forum Newbie Security Questions
Replies: 16
Last Post: August 26th, 2002, 10:44 AM
-
By lewzer in forum Newbie Security Questions
Replies: 3
Last Post: August 7th, 2002, 03:07 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote