Secure Sign-in

I am wondering how to securely build a sign in application through a modal window.  Is it possible to make a modal window secure?  I have two examples of what I am talking about:

1)  www.ae.com - they have a sign in section on their header - not SSL on page with modal window.
2)  www.wamu.com - they also have a sign in section on their header - have SSL on page with modal window.

Are these both secure?  Or just one over another?  Could you please help us understand the necessary steps to make sure our sign in application is secure?  Any information on this subject would be greatly appreciated.
netshopsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kelvin_KingCommented:
Here's a link which gives some recommendations on making a Modal Login secure

http://weblogs.asp.net/rternier/archive/2007/10/09/why-redirect-why-not-use-a-modal-login.aspx

Hope it helps
- Kelvin
0
netshopsAuthor Commented:
Any other thoughts out there?
0
Kelvin_KingCommented:
My thoughts would be to use an AJAX or Silverlight to create the modal login.

You can use AJAX with SSL. I found this article somewhat useful:
http://www.rosscode.com/blog/index.php?title=ajax_authentication_aamp_ssl&more=1&c=1&tb=1&pb=1

Hope that helps a little more
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

netshopsAuthor Commented:
Further questions:

Does an ajax call from an unsecure page to a secure page get encrypted?  Can we launch a secure modal window?  Can the modal window render a SSL page?  
0
Kelvin_KingCommented:
>> Does an ajax call from an unsecure page to a secure page get encrypted?  

AJAX is just used to provide the rich interactive user interfaces. It's the code behind the page which implemented the security like the SSL and encryption.

>> Can we launch a secure modal window?  
Similiar to my above reply, the modal window is just the user interface. The code behind the page is supposed to make sure the user login is secure.

>> Can the modal window render a SSL page?  
You'll be able to perform the authentication required to login to the secured web pages.
0
netshopsAuthor Commented:
I dont think my question is being answered.
When I launch a sign-in modal window on a non-secure (http:) page but bring in content from a SSL secure page, does this make my sign in secure?  We don't want a SSL cert on all of our pages that have this sign-in modal window visible.  Am I making any sense?
0
Kelvin_KingCommented:
>> When I launch a sign-in modal window on a non-secure (http:) page but bring in content from a SSL >> secure page, does this make my sign in secure?

Your concept of SSL is not clear to behing with.

Once a user authenticates through the sign-in modal window, and SSL connection is established between client and server. EVERYTHING that is exchanged between client and server from then onwards is encrypted.

>> want a SSL cert on all of our pages that have this sign-in modal window visible

The certificate won't be on any of the pages. The certificate belongs to the server, and will only push it down when a SSL connection needs to be established.

You'll probably want to read up on some basic SSL tutorials with web programming to get a better understanding.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Applications

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.