In a typical login situation, how many pages do you need to secure with SSL?

For example, suppose I have login.html, which POSTs the username and password to verify.html. Do I need SSL for login.html, or is verify.html alone enough?

2 answers

Here is the summary:

  • login.html must be protected, otherwise its contents may be changed, e.g. by changing the form's action location.
  • verify.html must be protected, otherwise the credentials will not be protected and may be eavesdropped.
  • Everything else after successful authentication must be protected, otherwise authentication information, such as a session identifier, can be eavesdropped.
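The three conditions in the summary above, as an added example that is not part of the original answers: a check that flags a login page served without TLS, a form action that posts over plain HTTP, and a session cookie missing the Secure attribute. The function names, URLs and sample page are constructed for illustration, and using the Secure cookie attribute as the test for post-login protection is an assumption of this sketch.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit


class FormActions(HTMLParser):
    """Collects the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing or empty action posts back to the page's own URL.
            self.actions.append(dict(attrs).get("action") or "")


def is_https(url):
    return urlsplit(url).scheme.lower() == "https"


def audit_login_flow(page_url, page_html, set_cookie_headers):
    """Return findings for the three conditions listed in the summary."""
    findings = []
    if not is_https(page_url):
        findings.append(f"login page served without TLS: {page_url}")
    parser = FormActions()
    parser.feed(page_html)
    for action in parser.actions:
        target = urljoin(page_url, action)  # resolve relative actions
        if not is_https(target):
            findings.append(f"credentials posted without TLS: {target}")
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if not morsel["secure"]:
                findings.append(f"cookie {name} lacks the Secure attribute")
    return findings


# Constructed sample: HTTPS is used only for verify.html.
SAMPLE_HTML = '<form method="post" action="https://example.test/verify.html"></form>'
if __name__ == "__main__":
    for finding in audit_login_flow("http://example.test/login.html", SAMPLE_HTML,
                                    ["SESSIONID=abc123; Path=/; HttpOnly"]):
        print(finding)
```

On the constructed sample the credentials POST itself passes, yet the page that carries the form and the session cookie issued afterwards are both reported.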

From a technical point of view, ensuring a minimum minimum. Protecting your login.html file will also bring 3 more benefits:

  • The browser will know that it is processing sensitive information and will therefore apply security policies.
  • The user, most importantly, will know that he is dealing with a secure application, since the navigation bar will show a lock.
  • Man-in-the-middle attacks that try to change the login target (to steal credentials) will no longer be possible.

In any case, it is good practice to provide SSL for each part of the site that processes personal data, as more and more users want their personal information to be confidential.
