Doing https properly
Austin William Wright
diamondmagic at users.sourceforge.net
Sun May 29 21:08:09 MST 2011
On 05/29/2011 11:42 AM, Dazed_75 wrote:
> He wrote me back and said that had I clicked the button, the
> information would have been sent securely and that he was trying to
> minimize his bandwidth costs since he was a small company.
The web browser is correct, if the submission form is not secure, how do
you know you're sending it to the right person? SSL doesn't just verify
your connection can't be eavesdropped on, it's an authentication
mechanism too. With a man-in-the-middle attack, the destination could be
changed to also be sent to some third party.
Austin Wright.
More information about the PLUG-discuss
mailing list