It seems that most major websites will use a secure domain, but there are a few major exceptions, notably facebook and twitter.
The benefits of using a secure domain are obvious I suppose – your login credentials are never transmitted in plain text.
So how do major sites like facebook and twitter get away with it? If a secure domain is not available for some reason, what extra precautions might one take?
If security is at all important: Yes, the sign-in page must be https, as must the page that it posts to. There simply is no other way.
If you visit a page, and it isn't https, you absolutely cannot trust anything submitted from that page. Since the connection is not protected, it can be easily tampered with (perhaps by making it submit to a non-https page, or perhaps submitting to an altogether different domain, which you will never know until it is too late). Whereas if you visit an https page, you can trust it. You know where the page originated from and that it hasn't been tampered with. And of course you must submit to an https page, since you want that data to be encrypted (and the browser should warn you if it tries to submit a form from an https page to a non-https page).
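The two failure modes the answer describes (a login form served over plain http, and a form whose action has been rewritten to post over http or to another host) can be checked mechanically. The script below is an added example, not code from the question or the answer; the HTML pages and hostnames in it are constructed for illustration, and `audit_login_page` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect every <form> on the page and note whether it carries a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def audit_login_page(page_url, html):
    """Return a list of findings for a login page fetched from page_url.

    Checks the two points made in the answer: the page itself must be https
    (otherwise its content can be rewritten in transit), and every form that
    collects a password must post over https to the same host.
    """
    findings = []
    page = urlsplit(page_url)
    if page.scheme != "https":
        findings.append("page served over %s: its form can be rewritten in transit" % page.scheme)

    parser = _FormCollector()
    parser.feed(html)
    for form in parser.forms:
        if not form["has_password"]:
            continue
        # A relative action inherits the page's scheme and host, so resolve it first.
        target = urlsplit(urljoin(page_url, form["action"]))
        if target.scheme != "https":
            findings.append("password form posts over %s to %s" % (target.scheme, target.netloc))
        if target.hostname != page.hostname:
            findings.append("password form posts to a different host: %s" % target.hostname)
    return findings


# Constructed sample pages (not real sites): a normal login form with a
# relative action, and the same form after its action was rewritten.
SAMPLE_SAFE_PAGE = """<html><body>
<form action="/session" method="post">
  <input name="user"><input type="password" name="pw">
  <button>Sign in</button>
</form></body></html>"""

SAMPLE_TAMPERED_PAGE = SAMPLE_SAFE_PAGE.replace(
    'action="/session"', 'action="http://other-host.example/collect"'
)

if __name__ == "__main__":
    for url, body in [
        ("https://example.com/login", SAMPLE_SAFE_PAGE),
        ("http://example.com/login", SAMPLE_SAFE_PAGE),
        ("https://example.com/login", SAMPLE_TAMPERED_PAGE),
    ]:
        print(url, "->", audit_login_page(url, body) or ["ok"])
```

The same page body is judged differently depending on the URL it was served from: the relative action `/session` resolves to https on an https page and to http on an http page, which is exactly why the answer insists that both the form page and the post target be https.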