Line 1: | Line 1: | ||
Feel free to add your comments to this page. | Feel free to add your comments to this page. | ||
== SSL auth required for "send password" (FORM) | Feel free to add your comments to this page. | ||
== Solution to avoid "Phising" - SSL == | |||
SSL auth required for "send password" (FORM) | |||
* This is an optional, but stongly recommended feature suggested during install | * This is an optional, but stongly recommended feature suggested during install | ||
* Sending password with FORM | * Sending password with <FORM> (or Javascript.Send) checks if the page is SSL encrypted and will display an error message if there's no valid SSL certificate or if the password is sent clear text. | ||
* Will not allow adding "*" to (or changing) FORM.edit field from Javascript (avoid sproof) | * Will not allow adding "*" to (or changing) FORM.edit field from Javascript (avoid sproof) | ||
This way the user will get warning when tries to log in to an unsafe service, like phising sites. | This way the user will get warning when (s)he tries to log in to an unsafe service, like phising sites. | ||
All sites with authentication should have valid SSL certificate or should be added to "safe to login" list. | All sites with authentication should have valid SSL certificate or should be added to "safe to login" list. | ||
This solution is already in use (SSL, certificates etc.), needs only a small support from browsers (Firefox) and with correctly installed website (for ex. banks) the user does not see any change. | |||
It has the advantage that the user clearly knows when is using an unsafe website. |
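Review bot: The new heading and the lines carried over still contain the misspellings "Phising"/"phising", "stongly" and "sproof"; since this revision rewrites the section anyway, correct them to "Phishing", "strongly" and "spoof". In the rewritten bullet, "no valid SSL certificate or if the password is sent clear text" describes two separate failure conditions, so it would read better as two explicit checks, each with the error the user sees. The added closing paragraph says the approach "needs only a small support from browsers" but the text never states who maintains the "safe to login" list or how a site is added to it; that should be spelled out, because a list the user can extend from a prompt on the page itself would undo the warning the proposal relies on.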