tags:

views:

32

answers:

1

HI

I have to implement login over SSL in my website. for example

https://www.myweb.com/loginForm - this is the login form page

https://www.myweb.com/loginProcess - this is the action which process the form -authenticates user.

I am able to do this with usual web form but the problem is the overlay dialog box for login

for example

if I am on my website home page

http://www.myweb.com - notice http and I click a login link there , it shows a small html div with login form (like a litebox).now ,as I am on a non SSL page (http) the data which I post does not get encrypted,and posted to the process action.

How do I get around with this so that my overly login also becomes secure.

thanks for your help in advance. :)

A: 

If the form in the litebox posts to https://www.myweb.com/loginProcess, the data will be encrypted even though you don't see the lock icon or any indication that it will be.

However, most users are trained to look for such an indicator before submitting information so this is not recommended. It would be better to have a separate page on https to log in. You also decrease the likelihood of a man-in-the-middle attack if it is on a https page because someone could inject a different POST url into the form if it is on an http page.

Robert