SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Hybrid View

  1. #1
    SitePoint Member
    Join Date
    Aug 2001
    Location
    Sussex, WI
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Is this a security issue? (SSL question)

    On the Bank of America website, they have "Sign-in" area on their homepage, but the homepage is NOT on a SSL!?!?? The <FORM> that that submits the login information is submitted to a secure site, but doesn't the entire transaction have to take place on a SSL in order for it to be secure?

    http://www.bankofamerica.com/

    I have some clients that would like to be able to put a login area on their homepage, but I've been telling them they can't unless the homepage is on a SSL (https://)... is that correct?
    Sincerely,
    Todd M. Taylor

  2. #2
    The doctor is in... silver trophy MarcusJT's Avatar
    Join Date
    Jan 2002
    Location
    London
    Posts
    3,509
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No - It is the target URL that determines whether or not the POSTed data will be encrypted or not, and thus the example site that you give is 100% fine (as far as that particular aspect goes, anyway!!)
    MarcusJT
    - former ASP web developer / former SPF "ASP Guru"
    - *very* old blog with some useful ASP code

    - Please think, Google, and search these forums before posting!

  3. #3
    SitePoint Member
    Join Date
    Oct 2002
    Location
    Suffolk UK
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Despite the fact that this method is technically fine, you still raise the issue of confidence.

    I think that most 'users' would like to be on a secure page before they start entering confidential data.

  4. #4
    Your Lord and Master, Foamy gold trophy Hierophant's Avatar
    Join Date
    Aug 1999
    Location
    Lancaster, Ca. USA
    Posts
    12,305
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Being on of the millions of BOFA customers who actually uses their online banking system, I can say that most people get that confidence because it is Bank of America not because they have a little lock that is hard to see on their browser's status bar.

    Personally, if I didn't have confidence in them or their website they wouldn't have my money.
    Wayne Luke
    ------------



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •