Hi It is better from a security point of view to have a secure login. The secure server encrypts the data between the browser and the server, making it impossible to read on its journey from you to the server. However whether it is a major security problem is another question. To view the traffic somebody must have access to the servers that route your request, which isn't easy. They then have to spot your traffic amongst all the other web traffic. If it is the login for your Swiss bank account where you hid the million you made without declaring tax then it should be secure - no question. On the other hand if it is just to login to see when your books will be delivered, with no sensitive financial information then the risk is smaller and it is unlikely that anyone is trying too hard to get your login, so an insecure login carries less risk. You could always host the login page on a non secure server but post the form to a secure server. Peter > -----Original Message----- > From: Micah Stevens [mailto:micah@xxxxxxxxxxxxxxxxxx] > Sent: 17 January 2005 02:46 > To: php-db@xxxxxxxxxxxxx > Subject: Re: Security Question > > > > If it submits to a secure server the form data will be encrypted before > transmission I believe. At least that's my understanding, and > that seems to > be how ebay does it for example. Once you log-in, it submits to a secure > page. > > -Micah > > > On Sunday 16 January 2005 06:38 pm, Chris Payne wrote: > > Hi everyone, > > > > > > > > I have a security question, I want to see if I am right or > wrong. I have > > programmed a system with PHP and MySQL, the main system resides > on a secure > > server, but the client wants the login page on a NON-Secure server for > > marketing purposes. Am I the only one who thinks this is a > major security > > concern? > > > > > > > > Chris > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php