homepage Welcome to WebmasterWorld Guest from 54.237.71.86
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
Using an iframe for login details -- seems insecure
londrum




msg:4179687
 10:32 am on Jul 31, 2010 (gmt 0)

i just noticed the other day that Google uses an iframe for its login box. if you go to the adsense homepage, for example, it seems like it's one complete page, but the login area is actually an iframe.
the only reason i noticed is because they had a temporary server error showing in that area of the page.

now, this is google we're talking about, so i realise that it is 100% secure, and there's nothing to worry about. but it just seems a bit unsecure to me.

when you visit that homepage, people will see a little padlock on their browser to show them its safe. and they will also see the https: bit at the start of the URL. so normally you'd think its fine. but i'm guessing that 99% of those users are just like me and wont realise that they are actually entering their login details into a completely different URL.

in this instance, it doesn't matter, because its google. but if a dodgy site did it, how would you know that you are logging into another URL? there is not a single thing in your browser to tell you.

 

fmosse




msg:4180266
 6:00 pm on Aug 1, 2010 (gmt 0)

Hi!

Yes, but that iframe is also secure with https...

Look:

https://www.google.com/accounts/ServiceLoginBox?service=adsense&ltmpl=login&ifr=true&rm=hide&fpui=3&nui=15&alwf=true&passive=false&continue=https%3A%2F%2Fwww.google.com%2Fadsense%2Flogin-box-gaiaauth&followup=https%3A%2F%2Fwww.google.com%2Fadsense%2Flogin-box-gaiaauth&hl=es

Yours!
Francisco

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved