donglusou3335 2010-04-01 11:00
SSL in an overlay window used for login

Hi

I have to implement login over SSL in my website. For example

https://www.myweb.com/loginForm - this is the login form page

https://www.myweb.com/loginProcess - this is the action which processes the form - authenticates the user.

I am able to do this with a usual web form, but the problem is the overlay dialog box for login.

for example

if I am on my website home page

http://www.myweb.com - notice http - and I click a login link there, it shows a small HTML div with a login form (like a litebox). Now, as I am on a non-SSL page (http), the data which I post does not get encrypted and posted to the process action.

How do I get around this so that my overlay login also becomes secure?

Thanks for your help in advance. :)

1 answer

  • douhao2721 2010-04-01 14:19
    If the form in the litebox posts to https://www.myweb.com/loginProcess, the data will be encrypted even though you don't see the lock icon or any indication that it will be.

    However, most users are trained to look for such an indicator before submitting information, so this is not recommended. It would be better to have a separate page on https to log in. You also decrease the likelihood of a man-in-the-middle attack if it is on an https page, because someone could inject a different POST URL into the form if it is on an http page.

