2009/6/8 Pål Bergström <rails-mailing-l...@andreas-s.net>: > > A general question regarding SSL and login. Does it matter if a login > form is not passed through SSL when sent to the user browser but the > post action is? Will the password be sent through SSL in this case?
Both need to be wrapped in SSL for proper security. If the form is not SSL then people can do MITM attacks (among others) to get the username/password sent to the wrong server. -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---