But what I'm saying is that if you're submitting a form from an unsecured page, to a script on a secure server, the data will still be encrypted. Anyone know this for sure to be correct? It sure makes sense this way. On Sunday 16 January 2005 07:27 pm, Peter Lovatt wrote: > Hi > > It is better from a security point of view to have a secure login. The > secure server encrypts the data between the browser and the server, making > it impossible to read on its journey from you to the server. > > However whether it is a major security problem is another question. To > view the traffic somebody must have access to the servers that route your > request, which isn't easy. They then have to spot your traffic amongst all > the other web traffic. > > If it is the login for your Swiss bank account where you hid the million > you made without declaring tax then it should be secure - no question. On > the other hand if it is just to login to see when your books will be > delivered, with no sensitive financial information then the risk is smaller > and it is unlikely that anyone is trying too hard to get your login, so an > insecure login carries less risk. > > You could always host the login page on a non secure server but post the > form to a secure server. > > Peter > > > -----Original Message----- > > From: Micah Stevens [mailto:micah@xxxxxxxxxxxxxxxxxx] > > Sent: 17 January 2005 02:46 > > To: php-db@xxxxxxxxxxxxx > > Subject: Re: Security Question > > > > > > > > If it submits to a secure server the form data will be encrypted before > > transmission I believe. At least that's my understanding, and > > that seems to > > be how ebay does it for example. Once you log-in, it submits to a secure > > page. > > > > -Micah > > > > On Sunday 16 January 2005 06:38 pm, Chris Payne wrote: > > > Hi everyone, > > > > > > > > > > > > I have a security question, I want to see if I am right or > > > > wrong. I have > > > > > programmed a system with PHP and MySQL, the main system resides > > > > on a secure > > > > > server, but the client wants the login page on a NON-Secure server for > > > marketing purposes. Am I the only one who thinks this is a > > > > major security > > > > > concern? > > > > > > > > > > > > Chris > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
