secure form on a non-secure page -> how?

Ask a Question related to PHP Development, Design and Development.

  1. BKDotCom #1

    Default secure form on a non-secure page -> how?

    Perhaps not PHP specific, but:
    Both [url]http://www.bankofamerica.com/[/url] and [url]http://www.bankone.com/[/url]
    have account login forms on their non-secure main pages.

    How on earth are they accomplishing this?

    Please enlighten me.
    BKDotCom Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Secure Form
      I've tried forms befor but every time i never seem to get them right, what im trying to do is make a form that collects personal detail from...
    2. Secure PDF's merged into 1 document from 2 different Secure Files, possible?
      I have multiple Secured PDF files that I have created. There is a possibility that my end user will need to merge multiple PDF files into 1 main PDF,...
    3. secure intranet site with non secure sites?
      I log into a domain open an secure intranet site and then when I go to yahoo.com it messes up my secure intranet site that I have open. Cant...
    4. "Microsoft must deliver 'secure environments' not tools to write 'secure code'" : draft article
      Hello Please see bellow the final draft of an article soon to be published. I would appreciate your comments and corrections of anything that I...
    5. whats the best way to mix secure and non secure data on a page?
      i have an ecommerce site that is split across two domains, a secure space that retains cc details and the main site where contact information and...
  2. Jim Dabell #2

    Default Re: secure form on a non-secure page -> how?

    BKDotCom wrote:
    > Perhaps not PHP specific, but:
    > Both [url]http://www.bankofamerica.com/[/url] and [url]http://www.bankone.com/[/url]
    > have account login forms on their non-secure main pages.
    >
    > How on earth are they accomplishing this?
    It doesn't matter how the user gets the form, what matters is how the form
    is submitted.

    When you see a page with a form on, and it is simply a page that has been
    transmitted over HTTP, no secure information has been transmitted.

    When you type something into that form and submit the form, it posts the
    information to a location specified by the action attribute of the <form>
    element [1]. This location doesn't have to be (and usually isn't) the same
    location as the original page with the form on. It can be any URL - and in
    these types of cases, is usually an HTTPS URL. This is the data transfer
    that matters.


    [1] In some cases, the action attribute is not used, but a client-side
    script redirects the page. The same thing applies though - you can
    redirect to an HTTPS URL just fine.

    --
    Jim Dabell

    Jim Dabell Guest
    Reply With Quote Reply With Quote
  3. BKDotCom #3

    Default Re: secure form on a non-secure page -> how?

    Duh.
    I guess I've been made to expect to see the "golden padlock" when I
    press submit.. Of course it makes sense that if the "action" is a
    secure site, everything gets transmited as such.

    Thanks

    Jim Dabell <jim-usenet@jimdabell.com> wrote in message news:<LKudndJ6GfwvSrqiRTvUqg@giganews.com>...
    > BKDotCom wrote:
    >
    > > Perhaps not PHP specific, but:
    > > Both [url]http://www.bankofamerica.com/[/url] and [url]http://www.bankone.com/[/url]
    > > have account login forms on their non-secure main pages.
    > >
    > > How on earth are they accomplishing this?
    >
    > It doesn't matter how the user gets the form, what matters is how the form
    > is submitted.
    >
    > When you see a page with a form on, and it is simply a page that has been
    > transmitted over HTTP, no secure information has been transmitted.
    >
    > When you type something into that form and submit the form, it posts the
    > information to a location specified by the action attribute of the <form>
    > element [1]. This location doesn't have to be (and usually isn't) the same
    > location as the original page with the form on. It can be any URL - and in
    > these types of cases, is usually an HTTPS URL. This is the data transfer
    > that matters.
    >
    >
    > [1] In some cases, the action attribute is not used, but a client-side
    > script redirects the page. The same thing applies though - you can
    > redirect to an HTTPS URL just fine.
    BKDotCom Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139