What is the most secure way of registering new users?
I know SSL is a good pick. But can I have SSL on user registration only?
Take Wordpress for example. User registration is at http://en.wordpress.com/signup/. And the user registration form is sent to https://en.wordpress.com/wp-login.php.
The same goes for login.
How can I make just registration / and login use SSL ? I don't want SSL for any other parts of the site (yet).
分享 My recommendation would be to use SSL for the page that contains the login/signup form, as well as for the page that is being posted to. Using SSL only for the posted-to page is already very good, but if you want to add more protection then the form-containing page should be served over an authenticated channel.
This is to guard, of course, against the possible (even if, perhaps, unprobable) modification of the form-containing page by an adversary; but what may be more important is that it would make the user aware that their personal information is being kept secret, before they actually have to submit that information. If you have SSL only for the posted-to page, the user may not have a way of telling whether their personal details will go over a secure channel.
分享
