Is it acceptable to submit from an http form through https? It seems like it should be secure, but it allows for a man in the middle attack (here is a good discussion). There are sites like mint.com that allow you to sign-in from an http page but does an https post. In my site, the request is to have an http landing page but be able to login securely. Is it not worth the possible security risk and should I just make all users go to a secure page to login (or make the landing page secure)?
Share
Is there any reason not to use HTTPS for the entire transaction? If you can’t find a very good one, use it!
It’s arguably simpler than switching protocols.
The MITM risk is real.
Following your link, the user ‘Helios’ makes an excellent point that using 100% HTTPS is far less confusing to the user.