secure form on a non-secure page -> how?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • BKDotCom
    #1

    secure form on a non-secure page -> how?

    Perhaps not PHP specific, but:
    Both http://www.bankofamerica.com/ and http://www.bankone.com/
    have account login forms on their non-secure main pages.

    How on earth are they accomplishing this?

    Please enlighten me.
    Tags: None
    • Jim Dabell
      #2
      Re: secure form on a non-secure page -> how?

      BKDotCom wrote:
      [color=blue]
      > Perhaps not PHP specific, but:
      > Both http://www.bankofamerica.com/ and http://www.bankone.com/
      > have account login forms on their non-secure main pages.
      >
      > How on earth are they accomplishing this?[/color]

      It doesn't matter how the user gets the form, what matters is how the form
      is submitted.

      When you see a page with a form on, and it is simply a page that has been
      transmitted over HTTP, no secure information has been transmitted.

      When you type something into that form and submit the form, it posts the
      information to a location specified by the action attribute of the <form>
      element [1]. This location doesn't have to be (and usually isn't) the same
      location as the original page with the form on. It can be any URL - and in
      these types of cases, is usually an HTTPS URL. This is the data transfer
      that matters.


      [1] In some cases, the action attribute is not used, but a client-side
      script redirects the page. The same thing applies though - you can
      redirect to an HTTPS URL just fine.

      --
      Jim Dabell

        Comment

        • BKDotCom
          #3
          Re: secure form on a non-secure page -&gt; how?

          Duh.
          I guess I've been made to expect to see the "golden padlock" when I
          press submit.. Of course it makes sense that if the "action" is a
          secure site, everything gets transmited as such.

          Thanks

          Jim Dabell <jim-usenet@jimdabel l.com> wrote in message news:<LKudndJ6G fwvSrqiRTvUqg@g iganews.com>...[color=blue]
          > BKDotCom wrote:
          >[color=green]
          > > Perhaps not PHP specific, but:
          > > Both http://www.bankofamerica.com/ and http://www.bankone.com/
          > > have account login forms on their non-secure main pages.
          > >
          > > How on earth are they accomplishing this?[/color]
          >
          > It doesn't matter how the user gets the form, what matters is how the form
          > is submitted.
          >
          > When you see a page with a form on, and it is simply a page that has been
          > transmitted over HTTP, no secure information has been transmitted.
          >
          > When you type something into that form and submit the form, it posts the
          > information to a location specified by the action attribute of the <form>
          > element [1]. This location doesn't have to be (and usually isn't) the same
          > location as the original page with the form on. It can be any URL - and in
          > these types of cases, is usually an HTTPS URL. This is the data transfer
          > that matters.
          >
          >
          > [1] In some cases, the action attribute is not used, but a client-side
          > script redirects the page. The same thing applies though - you can
          > redirect to an HTTPS URL just fine.[/color]

            Comment

            Previous template Next
            Working...