security - Should a web page with a login form be secured? -
There is a question in the title, but I will expand.
Say I have a non-secure page, but I do not want the data that the user is posting on my web server so that it can block anyone. Do I need a secure URL for the form Service or simply Post form?
By serving the unprotected form, you post your form to a man-in-the-middle Allow change of destination, giving attacker crop login information. But the attacks of MITM are not common, so you are probably serving an unsafe farm.
Comments
Post a Comment