
Secure form?

         

Tonearm

8:41 pm on Mar 10, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There is a company that claims their log in form is secure, but the tests I run on it tell me it's not. How can I tell for sure?

Strange

8:48 pm on Mar 10, 2004 (gmt 0)

10+ Year Member



As far as I know, if the address doesn't start https:// and there isn't a lock in the corner of my browser, it isn't a secure form.

tedster

9:01 pm on Mar 10, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you can discuss it without mentioning specific web pages, what testing have you done that makes you feel the site is not secure?

It's also a good practice to set your browser to warn you when you are moving from a secure situation to an unsecure one. I believe this is the default set-up and would only be disabled if you clicked on a "Don't show me this warning again" box.

jatar_k

9:03 pm on Mar 10, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



What were the tests that you ran?

"if the address doesn't start https:// and there isn't a lock in the corner of my browser, it isn't a secure form"

Actually, that is not quite right. The action of the form must be a page that is https, thereby making for encrypted communication. It doesn't matter if the form itself is under https.

I've spent a lot of time sniffing this scenario and as long as the form action is under https then the secure connection is established before any data is transmitted.

Tonearm

10:33 pm on Mar 10, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ok, thanks for your responses guys. This situation actually has me pretty frustrated with this large, pretty high-profile company.

The log in page is "naturally" http, and I can change it to https, but the landing page after the log in is http. In IE, if I go to "Tools -> Internet Options -> Security -> Custom Level -> Miscellaneous -> Submit nonencrypted form data" and set it to "Enable" it submits just fine. But if I change that setting to "Disable", it won't submit and a browser error pops up. Sounds like a nonencrypted/nonsecure form to me.

This company has already charged me for their service and now I have to log into this form with some very sensitive information of mine. I have gone back and forth with them via email, but they have told me over and over that "my data is encrypted before it ever hits the Internet". I have gone over the whole browser test with them twice. They are being very rude about it.

brucec

4:43 am on Mar 13, 2004 (gmt 0)

10+ Year Member



Also, if the little padlock icon is not on the bottom of the web browser, then it is not secure.

okrogius

2:06 pm on Mar 14, 2004 (gmt 0)

10+ Year Member



I'd suggest doing a manual post of some dummy data in telnet or a similar fashion so you can see the response HTTP headers.

The reason I'm suggesting this is that it's possible that an http page submits to an https page, which in turn redirects you to an http page via something like a Location: header.

asquithea

2:44 pm on Mar 14, 2004 (gmt 0)

10+ Year Member



In a similar vein, you could try using Mozilla Firefox with the Live Http Headers extension. That should let you see what data is being passed to and from your browser without any difficulty.
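
The checks discussed in this thread (which URL the form actually posts to, and whether a Location: redirect then drops back to http), as an added example that is not from any poster. The page URL, HTML and response headers are constructed sample data, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormActions(HTMLParser):
    """Collect the resolved submit URL and method of every <form> on a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms = page_url, []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            # A missing or empty action posts back to the page's own URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self.forms.append((target, (a.get("method") or "get").lower()))

def form_targets(page_url, html):
    parser = FormActions(page_url)
    parser.feed(html)
    return parser.forms

def trace_redirects(first_url, responses):
    """Follow Location headers through (status, headers) pairs; return URLs visited."""
    chain = [first_url]
    for status, headers in responses:
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        chain.append(urljoin(chain[-1], location))
    return chain

def is_https(url):
    return urlsplit(url).scheme == "https"

def assess(page_url, html, responses):
    """Report where the credentials travel and where the browser ends up."""
    findings = []
    for target, _method in form_targets(page_url, html):
        landing = trace_redirects(target, responses)[-1]
        findings.append({"submit_url": target, "landing_url": landing,
                         "form_page_encrypted": is_https(page_url),
                         "credentials_encrypted": is_https(target),
                         "landing_encrypted": is_https(landing)})
    return findings

# Constructed sample: http login page, https form action, redirect back to http.
PAGE_URL = "http://www.example.com/login.html"
PAGE_HTML = '<form method="POST" action="https://secure.example.com/auth"></form>'
RESPONSES = [(302, {"Location": "http://www.example.com/account"}), (200, {})]
if __name__ == "__main__":
    print(assess(PAGE_URL, PAGE_HTML, RESPONSES))
```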