开发者

Http to Https POST

开发者 https://www.devze.com 2023-03-01 02:58 出处:网络
We are launching a new website(say A) and it has Username/Password to it and ours is a HTTP Site. We are POSTING Username/Passwordinformation to another site which is our another internal website(Say

We are launching a new website(say A) and it has Username/Password to it and ours is a HTTP Site. We are POSTING Username/Password information to another site which is our another internal website(Say B) but that website is HTTPS site. Our 'A' site don’t handle Authorization and Authentication and neither we have Data bases nor their going to be any back commun开发者_如何学Goications(for error handling stuff like that) to the 'B' From 'A'. we tranfer them to the B website altogether and no coming back.

My Question is

Is the information I am Posting from HTTP to HTTPS site is secure? If yes How its secure. If No why.


The data will be encrypted from the browser to website B, but the end-user has no assurance that website B is who it claims to be. A "man in the middle" attack could be used which would deliver the secure information to the phony site.

Therefore, your login page should be hosted on website B and delivered using SSL (https).


Provided the user can verify the absence of scripts running on site A, it's possible to ensure that it's secure. What makes it a generally bad practice is that it's vulnerable to an active man in the middle who changes the form target or inserts a malicious script in the context of site A to steal the password and send it away before it gets submitted to the (secure) site B.

0

精彩评论

暂无评论...
验证码 换一张
取 消