Firewalls
Https - Secure Site Apr 30 2008 10:02PM
amatachick gmail com (2 replies)
Re: Https - Secure Site May 05 2008 03:13PM
mouss (mouss netoyen net)
amatachick (at) gmail (dot) com wrote:
> I have what may be a simple question. When logging into a website that doesn't use SSL (https) are your credentials traveling in clear text? I am under the impression that the only way to encrypt your login is if the original page is https.
>
> So that is my first question, and if I am correct that leads to my next question...
>
> Is there any way to encrypt this transmission using something besides SSL?
>

In theory, one could implement encryption using a Java applet or so, but
I see no reason to do this!

> The reason that I ask is that I have seen numerous sites which use http on their login page. To me that means it's not encrypted and I can't understand why anyone would allow their login page to be unencrypted.
>

If the login:password isn't very important, the site owner may consider
that unencrypted http is acceptable, compared to buying an SSL cert
(that is accepted by major browsers). For example, many sites running
public mailing-lists (with mailman for example) will offer login over
"plain" http.

Otherwise, using https is highly recommended.

> Again, this may be pretty basic but I would really like to get some feedback from you all. Thanks!!
>

Re: Https - Secure Site Apr 30 2008 11:43PM
Jon Kibler (Jon Kibler aset com)







 
