[Dshield] Banks Shifting Logins to Non-SSL Pages

Abuse abuse at what4now.com
Wed Aug 24 05:43:05 GMT 2005


** Reply to message from "Scott Hollingsworth" <forum at dshield.org> on Tue, 23
Aug 2005 18:17:47 GMT

> The login form doesn't need to be on the front page so the front page doesn't
> need to be SSL encrypted. I have seen the login form moved from a login page to
> the front page. The front page was then SSL encrypted to accomodate the login
> form and the user training. Now SSL is too much overhead for the front page
> traffic so it is cordoned off to the submit function. Um, why not just move the
> form back to an SSL encrypted login page? Customer convienience? Probably.

I have seen the login on the front page but I never use it.  So far every web
site I have used (where a login is required) just clicking on the login without
entering any data into the userid and password fields takes me to a secure web
page where I then enter the data.


More information about the list mailing list