Secure sign-in

Subject: Secure sign-in
From: Justin L. Dieters (enderak@yahoo.com)
Date: Tue Jan 22 2002 - 11:51:39 AKST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Tom: "Re: Average Cable Modem Usage ?"
• Previous message: Mike Tibor: "Re: Watercooling?"
• Next in thread: Mike Tibor: "Re: Secure sign-in"

Hello all. There was some talk about Credit Union 1's website not being
secure at one of the APULUG meetings a while back, and since I use CU1
myself, I was a tad concerned. So I e-mailed their webmaster, and this
is what I got back for a reply. I was hoping someone who knows a bit
more about this stuff than I would be able to give an analysis of his
reply. I copied his reply below - does this sound correct (a.k.a.
safe), or do I need to switch to a different bank?

----------
You are correct, that the login pages are not secure. However, the
login process is all handled by a Java script. When you click the "Log
On" button, the Java script takes over, and sends a "dummy" member
number of 0 to the host, to establish a secure connection. Once the
secure connection has been established and confirmed, only then are your
account number and password transmitted to the server.

If you look at the source code for the page, you will see a line that says,
<INPUT TYPE="HIDDEN" NAME="DUMMY" VALUE="0">, and that is what it does.
---------

Thanks,
Justin
www.enderakonline.com

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

• Next message: Tom: "Re: Average Cable Modem Usage ?"
• Previous message: Mike Tibor: "Re: Watercooling?"
• Next in thread: Mike Tibor: "Re: Secure sign-in"

This archive was generated by hypermail 2a23 : Tue Jan 22 2002 - 11:51:47 AKST