HTTPS but still non secure form?

HTTPS but still non secure form?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
HTTPS but still non secure form? wim 03-14-2006
Posted by wim on March 14, 2006, 4:39 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Dear Group,

for a website, there is an HTTPS-connection. The homepage has a form:

        <form method="POST" name="formname"
action="javascript:authenticate()">
                <input type="text" name="userid" />
                <a href="javascript:login()">Login</a>
        </form>


When I enter my user id and press "Login", then normally a popup should
show in which I type my password.

Now all of a sudden, before the popup for the password is shown, I get
this dialog box telling me that "When you send information to the
Internet, it might be possible for others to see that information. Do
you want to continue?".

I know that this dialog box can be switched off in the security
settings of Internet Explorer, that is not my question, what I wonder
about is: why do I get this dialog box? I thought the connection to be
secure, because the HTTPS-protocol is used?

Thank you and kind greetings,

Wim


Posted by wim on March 14, 2006, 5:04 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Dear group,

> or a website, there is an HTTPS-connection. The homepage has a form:
>
> <form method="POST" name="formname"
> action="javascript:authenticate()">
> <input type="text" name="userid" />
> <a href="javascript:login()">Login</a>
> </form>

my guess is that the warning gets showed because the "action" in the
form-tag consists out of a javascript-function. This javascript is run
locally and hence not over a secured connection.

But this is really just a guess, I have no clue and every comment is
very welcome.

Thank you,

Wim


Similar ThreadsPosted
Is that secure :
March 15, 2007, 1:14 pm
HTML Form Mail and Security November 17, 2005, 2:21 pm
HTTPS and URL encoding May 26, 2004, 7:04 pm
SSL/https De-encryption July 6, 2004, 9:15 am
How does HTTPS/SSL work? November 24, 2004, 3:40 pm
Https funda August 11, 2005, 8:09 am
Https question August 21, 2005, 12:28 am
HTTPS question February 14, 2008, 2:41 pm
https + security April 1, 2008, 7:02 pm
Re: https + security April 2, 2008, 12:40 am

The site map in XML format XML site map

Contact Us | Privacy Policy