pushya

Reputation: 4418

HTTP to HTTPS POST

We are launching a new website (say A) that has a username/password form, and ours is an HTTP site. We are POSTing the username/password information to another site, which is another internal website of ours (say B), but that website is an HTTPS site. Our site 'A' doesn't handle authorization and authentication, we don't have databases, and there isn't going to be any communication back (for error handling and the like) to 'B' from 'A'. We transfer them to website B altogether, with no coming back.

My question is:

Is the information I am posting from an HTTP site to an HTTPS site secure? If yes, how is it secure? If no, why?

Upvotes: 3

Views: 2584

Answers (2)

Yuliy

Reputation: 17728

Provided the user can verify the absence of scripts running on site A, it's possible to ensure that it's secure. What makes it a generally bad practice is that it's vulnerable to an active man in the middle who changes the form target or inserts a malicious script in the context of site A to steal the password and send it away before it gets submitted to the (secure) site B.

Upvotes: 0

Ray Henry

Reputation: 905

The data will be encrypted from the browser to website B, but the end-user has no assurance that website B is who it claims to be. A "man in the middle" attack could be used which would deliver the secure information to the phony site.

Therefore, your login page should be hosted on website B and delivered using SSL (https).

Upvotes: 3
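
An added example (not part of either answer): a small Python check that flags password forms delivered over plain HTTP, the situation both answers describe, where the form target or page scripts can be changed before the browser submits to the HTTPS site. The hostnames `a.example` and `b.example`, the sample markup and the function name `audit_login_forms` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect each <form>'s action and whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_forms(page_url, html):
    """Return (resolved_action_url, issue) pairs for password forms on page_url."""
    collector = FormCollector()
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for form in (f for f in collector.forms if f["has_password"]):
        # An empty or relative action resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        if urlsplit(target).scheme != "https":
            findings.append((target, "credentials submitted in cleartext"))
        if not page_is_https:
            # HTTPS on the target does not protect markup delivered over HTTP.
            findings.append((target, "form served over HTTP; markup can be altered in transit"))
    return findings


# Constructed sample: site A (HTTP) serving a login form that posts to site B (HTTPS).
SITE_A_PAGE = """
<form method="post" action="https://b.example/login">
  <input name="user"><input type="password" name="pass"></form>
<form action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    print(audit_login_forms("http://a.example/", SITE_A_PAGE))
```

The same markup audited as if served from `https://b.example/login` produces no findings, which matches the recommendation to host the login page on website B.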
