If a form is going to submit data over a secure channel, the page containing the form should be retrieved over a secure channel also. Otherwise what’s to stop somebody intercepting and modifying the pages HTML so that the form submits the data in plain text elsewhere?
1 comment
[ 27.7 ms ] story [ 128 ms ] thread