The page you're on doesn't have to be padlocked as long as it submits to an
SSL-protected page. I remember an article in the WSJ a few months ago that
banks were changing this because the SSL encryption of the first page (with
the logion box) was eating up too much processing. Their sites work on a
scale much larger than anything I work on does, so I'm usually inclined to
SSL protect the login page as well. Since ASPX pages post back to
themselves, I'm not exactly sure how you'd pull off a secure postback
properly (ASP.NET 2.0 pages can submit to another page, but 1.x can't
without some serious tinkering).
If you view the source of the Bank of America page, you'll find this as part
of the login code:
<form name="frmSignIn"
action="https://onlineid.bankofamerica.com/cgi-bin/sso.login.controller?nosc
ript=true
See the HTTPS now?
<sh*******@yahoo.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
Hi Everyone,
I am working on an ASP.net application and I have a homepage to which
everyone visits of course and on that front page I have a user ID and
password box and a login button.
What I don't understand is some sites I visit don't use SSL on the
login page. Instead you visit the homepage and there is no padlock.
Then you type in your user ID and password and then click login and
then it redirects to a secure area.
How do you do this and is it secure? If you want an example visit
(www.chase.com or www.bankofamerica.com). Both feature logins on the
home page but they aren't padlocked when you visit.
I am lost, any help would be great!
