RWSteele - 6:17 pm on May 17, 2006 (gmt 0)
I agree, a bad design move and possibly a move that could lose some trust. I'm around this stuff more than the average Joe and I still question it. When it comes to HTTPS, I thought that the transaction wasn't secure until the page you were submitting data from was HTTPS? Maybe I don't understand, but I thought there was some "handshaking" that went on between the client and server to authenticate keys/certificates? Feel free to tell me if I need to brush up on my protocols. I don't have much experience working in "secure environments", but how much overhead can this possibly add? Is it the reduction in traffic to the server or what? I found this paper from 1999. Except for servers being a "little" faster, the entire process should still be the same.
Thanks everyone for the input. The perception is that the form is NOT secure.... It's bad design IMO. There's little cost in providing a sense of security to the user by securing the empty form. I think I can see a possible man-in-the-middle attack. ...the difference in speed should be negligible.
[cs.nyu.edu]