0

I would like someone to answer this and if possible provide some reference links to back it up (if possible). Need to prove to someone its not secure.

If I have a form with the post method on a non-secure page, but the action attribute is pointing to a secure URL, is the submitted form secure?

user357034
  • 10,731
  • 19
  • 58
  • 72
  • 1
    -1 for fishing for a desired answer. While It's apparent that David may have overlooked some things in his answer, you call him out and attack him with sources. You already know your answer, why'd you need to ask it. You need to **prove** to someone something's not secure, give him your article or set up a staging environment and show him using the methods described there. Don't come to us looking for 'answers' expecting us to justify your opinion. – Aren Jul 26 '10 at 23:05
  • 1
    I just wanted some feedback on this issue, and its not my article. And who are you to tell me what I can and cannot ask. There was no attack I asked him to explain it further. Furthermore they are not my opinions but others. People come here to learn and ask questions. If we don't ask we don't learn. – user357034 Jul 26 '10 at 23:14

2 Answers2

1

Yes. The data is submitted to a secure URI, so is it is encrypted and secure.

However … the user will have no indication that this is going to happen before they submit the form so you should provide the form over SSL too.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Indeed, the entire HTTP request (so including the request body / form contents) will be sent over ssl, including headers, which is the reason why you can't have different ssl-certicates for different namebased virtualhosts: the `host` header can only be decoded after the ssl connection has been set up. – Wrikken Jul 26 '10 at 22:50
  • Well then I offer this link. Care to explain your position? http://blogs.msdn.com/b/ie/archive/2005/04/20/410240.aspx – user357034 Jul 26 '10 at 22:50
0

Short answer is : no secure if ssl(https) is not implemented. Please have a look at my question, and the answers from security guys to that here

Hope this helps.

Community
  • 1
  • 1
Michael Mao
  • 9,878
  • 23
  • 75
  • 91