In my webpages that are not SSL wrapped, I have a login form. Users

Question

0

Asked: May 20, 20262026-05-20T20:56:55+00:00 2026-05-20T20:56:55+00:00

In my webpages that are not SSL wrapped, I have a login form. Users

0

In my webpages that are not SSL wrapped, I have a login form. Users can enter their username and password and submit the info in that login form to authenticate.

The action specified in the login form is https:///login. Is this enough for the into to be encrypted or do both pages have to be ssl wrapped?

Thanks
Eric

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T20:56:55+00:00

Editorial Team

2026-05-20T20:56:55+00:00Added an answer on May 20, 2026 at 8:56 pm

It is enough.

This way, an attacker can not get the login user and password because the browser is sending them encrypted. BUT if after the login you revert to plain http, an attacker may sniff the session cookie and use that to impersonate your users. See firesheep for details.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

In my webpages that are not SSL wrapped, I have a login form. Users

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply