vrosas_03
asked on
Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
I get this error in firefox I don't know what it is or how to fix it
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No, the security risk is when they are sent to a page using HTTP instead of HTTPSGonna disagree, the tunnel could have already been intercepted and posting to https is not gonna make a difference at that point.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Because the target could have already been replaced, the connection may be secure but the connection to where?
If it's loaded on an SSL connection to start with then it cannot be altered.
If it's loaded on an SSL connection to start with then it cannot be altered.
That's one I never thought of. But I guess if there is enough money involved, someone will try that.
Doesn't need that much money involved, pop into the local cafe with wi-fi, you could probably pick up login details and other stuff and Joe Bloggs would never know.
30 minutes later you could be ordering all kinds of things - worst case scenario I know but...has happened.
30 minutes later you could be ordering all kinds of things - worst case scenario I know but...has happened.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I don't WiFi anywhere. I have a wireless router though I don't use it for any of my own business. Last time I checked, there were 52 wireless networks here.
Solution:
Have your login form on a secure page https
Many websites do it, but remember normal people don't have Firebug running so they never see that message