SecurityFocus

Should login pages be protected by SSL? Jun 20 2005 04:20PM
Amir Herzberg (herzbea macs biu ac il) (7 replies)

Re: Should login pages be protected by SSL? Jun 21 2005 02:15PM
Saqib Ali (docbook xml gmail com)

Re: Should login pages be protected by SSL? Jun 21 2005 11:40AM
Stefano Di Paola (stefano dipaola wisec it)

Il lun, 2005-06-20 alle 18:20, Amir Herzberg ha scritto:
> Here is a simple question: should web login forms be always protected by
> SSL?
>
Hi
I suppose the right answer is "it should".

Well, sometimes there is no chance to use a SSL connection
especially when you web site is located in a multi user web space, or a
hired virtual server.
I put together HMAC technology and form authentication to improve
security on non secure situations..
Feel free to look a it on
http://www.wisec.it/projects.php?lang=en

hope it helps.

Regards,
Stefano

--
......---oOOo--------oOOo---......
Stefano Di Paola
Software Engineer
Email: stefano.dipaola_at_wisec.it
Email: stefano.dipaola1_at_tin.it
Web: www.wisec.it
..................................

[ reply ]

Re: Should login pages be protected by SSL? Jun 21 2005 09:14AM
Kalyan Varma (kalyan rtns org)

Re: Should login pages be protected by SSL? Jun 21 2005 06:28AM
bluewizard83-de4gahsh yahoo com

Re: Should login pages be protected by SSL? Jun 21 2005 12:42AM
Andy bentley (andy bentleyconsulting biz)

Re: Should login pages be protected by SSL? Jun 21 2005 12:23AM
Michael Silk (michaelslists gmail com)

Re: Should login pages be protected by SSL? Jun 20 2005 11:41PM
Andrew van der Stock (vanderaj greebo net)