Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Secure Sign-in

Posted on 2008-11-14
8
Medium Priority
?
255 Views
Last Modified: 2012-05-05
I am wondering how to securely build a sign in application through a modal window.  Is it possible to make a modal window secure?  I have two examples of what I am talking about:

1)  www.ae.com - they have a sign in section on their header - not SSL on page with modal window.
2)  www.wamu.com - they also have a sign in section on their header - have SSL on page with modal window.

Are these both secure?  Or just one over another?  Could you please help us understand the necessary steps to make sure our sign in application is secure?  Any information on this subject would be greatly appreciated.
0
Comment
Question by:netshops
  • 4
  • 3
7 Comments
 
LVL 13

Expert Comment

by:Kelvin_King
ID: 22965603
Here's a link which gives some recommendations on making a Modal Login secure

http://weblogs.asp.net/rternier/archive/2007/10/09/why-redirect-why-not-use-a-modal-login.aspx

Hope it helps
- Kelvin
0
 

Author Comment

by:netshops
ID: 23072741
Any other thoughts out there?
0
 
LVL 13

Expert Comment

by:Kelvin_King
ID: 23073707
My thoughts would be to use an AJAX or Silverlight to create the modal login.

You can use AJAX with SSL. I found this article somewhat useful:
http://www.rosscode.com/blog/index.php?title=ajax_authentication_aamp_ssl&more=1&c=1&tb=1&pb=1

Hope that helps a little more
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 

Author Comment

by:netshops
ID: 23079940
Further questions:

Does an ajax call from an unsecure page to a secure page get encrypted?  Can we launch a secure modal window?  Can the modal window render a SSL page?  
0
 
LVL 13

Expert Comment

by:Kelvin_King
ID: 23085178
>> Does an ajax call from an unsecure page to a secure page get encrypted?  

AJAX is just used to provide the rich interactive user interfaces. It's the code behind the page which implemented the security like the SSL and encryption.

>> Can we launch a secure modal window?  
Similiar to my above reply, the modal window is just the user interface. The code behind the page is supposed to make sure the user login is secure.

>> Can the modal window render a SSL page?  
You'll be able to perform the authentication required to login to the secured web pages.
0
 

Author Comment

by:netshops
ID: 23088248
I dont think my question is being answered.
When I launch a sign-in modal window on a non-secure (http:) page but bring in content from a SSL secure page, does this make my sign in secure?  We don't want a SSL cert on all of our pages that have this sign-in modal window visible.  Am I making any sense?
0
 
LVL 13

Accepted Solution

by:
Kelvin_King earned 500 total points
ID: 23092141
>> When I launch a sign-in modal window on a non-secure (http:) page but bring in content from a SSL >> secure page, does this make my sign in secure?

Your concept of SSL is not clear to behing with.

Once a user authenticates through the sign-in modal window, and SSL connection is established between client and server. EVERYTHING that is exchanged between client and server from then onwards is encrypted.

>> want a SSL cert on all of our pages that have this sign-in modal window visible

The certificate won't be on any of the pages. The certificate belongs to the server, and will only push it down when a SSL connection needs to be established.

You'll probably want to read up on some basic SSL tutorials with web programming to get a better understanding.

0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

576 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question