Kissa Mia Kissa Mia - 22 days ago 6
HTML Question

How to safely submit a form over HTTPS?

I have an HTML form and I have SSL running on my site and all the pages are over HTTPS.

So here is the question, Is it safe to just submit the login form in this way? and HTTPS to another HTTPS page.

<form id="login" method="post" action="assets/process.php">
<a href="#" id="flipToRecover" class="flipLink">Forgot?</a>
<input type="text" name="logEmail" id="lonEmail" value="Email" />
<input type="password" name="lonPass" id="logPass" value="pass" />
<input type="submit" name="submit" value="Login" />
</form>


I was checking all around the internet to have a clear answer to my question but still I feel myself in the middle of nowhere, so decided to ask the professionals here. Someone gave me a link describing the principal of TLS and SSL, It was very helpful to understand and study them but still the question resists in my mind.

Answer

I am not a security professional but I really like the subject. The word safe depends on many things, if you are using https you are creating tunnel "connect ip_address" which establishes an encrypted session with the server, which of course can be seen by anyone, but the only thing that can be sniff(intercept) is encrypted information therefore it is very difficult to see the real data. Another thing that can happen is that intercept your cookies and pose as the user, so nothing is safe, everything depends on the will and the skills of the person who wants break your security. Hope it helps.