|
 Search
| View previous topic :: View next topic |
| Author |
Message |
droopycom
Guest
|
 Posted: Wed Dec 12, 2007 1:53 pm Post subject: SSL |
 |
|
Hi,
On the subject of this FAQ:" It says you use SSL to encrypt eBay user IDs and passwords but when I was logging in, I do not see a padlock symbol. Does this mean my eBay user ID and password are at risk? "
The FAQ answer that the login/password are safe because the target when I click on the "log in" button is an SSL session. While it is true that the password will be encrypted in the SSL session, I have no way to trust the site is really gixen.
In particular a common attack would be to make a spoof gixen website that looks exactly the same but does still your password when you click the log in now button.
The purpose of SSL is not only to encrypt what you send, but also to authenticate what you receive.
Granted, many people would also be fooled by a spoofed SSL certificate, but a few paranoid types are carefully checking. |
|
| Back to top |
|
 |
mario
Site Admin
Joined: 03 Oct 2006
Posts: 7126
|
| Posted: Wed Dec 12, 2007 3:09 pm Post subject: |
|
|
Well stealing your password is not possible if the action tag points to Gixen, but I can see your point - most people in such a situation would not check this. Spoofed SSL certificate would not work, as there would be a big warning by every browser out there.
Overall, I don't see encrypting just the password and not the content as a big issue - gmail does it for hundreds of millions of users every day. |
|
| Back to top |
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
© 2006 - 2023 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.
|
|
