jv wrote:
When I want to log in to my online bank account, I get the warning that:

'Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.'

I want to make sure that this warning is correct before I report it to my bank, because IE does not mention any security risks.

The URL where I log in is:
https://www.p3.postbank.nl/sesam/SesamLoginServlet

Can you provide additional information?

The "action" for this form is not https but rather is JavaScript. The browser doesn't know (prior to interpreting the JavaScript) what the JavaScript is going to do with the form data, so it assumes the worst, and you get this warning. Perhaps the warning should say "The data from this form is being sent through a script rather than directly and immediately through secure https, and so I cannot be sure that the data will be sent securely to the server."

In this case, the JavaScript appears to me to post the form data
securely to the server.

Communicator 4.x handled this case by waiting to see whether the
subsequent outgoing network connection done by the script was http
or https, and warning only if it was not https.  But Mozilla warns
before the script is run, as I understand it.  Sigh.

--
Nelson B

_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
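
The two warning policies described in the reply above, as an added example that is not part of the original thread and is not browser source code: a simplified model in which one check looks only at the form's action before any script runs, and the other looks at the request the script actually makes. All function names, the `bank.example` host and the sample actions are constructed for illustration.

```javascript
// Simplified model of the two warning policies described in the reply.
// Names and sample values are hypothetical, not browser internals.

// Resolve a form's action attribute against the page URL; return its scheme.
function actionScheme(pageUrl, action) {
  // A missing or empty action submits back to the page's own URL.
  const target = action ? new URL(action.trim(), pageUrl) : new URL(pageUrl);
  return target.protocol; // e.g. "https:", "http:", "javascript:"
}

// Policy 1: decide before any script runs, looking only at the action.
function warnBeforeSubmit(pageUrl, action) {
  if (new URL(pageUrl).protocol !== "https:") return false; // page not encrypted
  // Anything that is not plainly https is treated as the worst case,
  // including javascript:, whose real destination is not yet known.
  return actionScheme(pageUrl, action) !== "https:";
}

// Policy 2: decide once the script has produced the outgoing request URL.
function warnAfterRequest(pageUrl, requestUrl) {
  if (new URL(pageUrl).protocol !== "https:") return false;
  return new URL(requestUrl, pageUrl).protocol !== "https:";
}

// Audit helper for site owners: list actions that would trigger policy 1.
function auditActions(pageUrl, actions) {
  return actions
    .map((action) => ({ action, scheme: actionScheme(pageUrl, action) }))
    .filter((entry) => entry.scheme !== "https:");
}

// Constructed sample data (not taken from the bank's page).
const PAGE = "https://bank.example/login";
const SAMPLE_ACTIONS = [
  "javascript:submitLogin()",    // script decides the destination later
  "/session",                    // relative, inherits https from the page
  "http://bank.example/session", // plainly insecure
  "",                            // empty, posts back to the page itself
];

console.log(auditActions(PAGE, SAMPLE_ACTIONS));
```

A `javascript:` action is flagged by the first policy even when the script goes on to post over https, which is the false positive discussed in the thread; the second policy flags only the request that really leaves over http.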
