tags:

views:

42

answers:

2
Q: 

form submit in a non secure page

I would like someone to answer this and if possible provide some reference links to back it up (if possible). Need to prove to someone its not secure.

If I have a form with the post method on a non-secure page, but the action attribute is pointing to a secure URL, is the submitted form secure?

+1  A: 

Yes. The data is submitted to a secure URI, so is it is encrypted and secure.

However … the user will have no indication that this is going to happen before they submit the form so you should provide the form over SSL too.

David Dorward  2010-07-26 22:47:57
Indeed, the entire HTTP request (so including the request body / form contents) will be sent over ssl, including headers, which is the reason why you can't have different ssl-certicates for different namebased virtualhosts: the `host` header can only be decoded after the ssl connection has been set up.
Wrikken  2010-07-26 22:50:42
Well then I offer this link. Care to explain your position?http://blogs.msdn.com/b/ie/archive/2005/04/20/410240.aspx
 2010-07-26 22:50:48
+1  A: 

Short answer is : no secure if ssl(https) is not implemented. Please have a look at my question, and the answers from security guys to that here

Hope this helps.

Michael Mao  2010-07-26 22:54:41

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.