Is it secure to submit from a HTTP form to HTTPS?

by

Posting a form from an http page to an https page does encrypt the data in the form when it is transmitted in the most simple terms. If there is a man-in-the-middle attack, the browser will warn you.

However, if the original http form was subjected to man-in-the-middle and the https post-back address was modified by the attacker, then you will get no warning. The data will still actually be encrypted, but the man-in-the-middle attacker would be able to decrypt (since he sent you the key in the first place) and read the data.

Also, if the form is sending things back through other means (scripted connections) there may be a possibility of unencrypted data being sent over the wire before the form is posted (although any good website would never do this with any kind of sensitive data).

More Related Contents:

  1. How to redirect all HTTP requests to HTTPS
  2. Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]
  3. Will web browsers cache content over https
  4. Are HTTPS headers encrypted?
  5. With HTTPS, are the URL and the request headers protected as the request body is?
  6. Username and password in https url
  7. If you use HTTPS will your URL params will be safe from sniffing? [duplicate]
  8. Should I hash the password before sending it to the server side?
  9. https URL with token parameter : how secure is it?
  10. SSL Error: unable to get local issuer certificate
  11. Is HTTP header Referer sent when going to a http page from a https page?
  12. curl – Is data encrypted when using the –insecure option?
  13. How to redirect all HTTP requests to HTTPS using .htaccess rules?
  14. WS on HTTP vs WSS on HTTPS
  15. Why not use HTTPS for everything?
  16. Difference between Hashing a Password and Encrypting it
  17. XMLHttpRequest cannot load file. Cross origin requests are only supported for HTTP
  18. How to allow http content within an iframe on a https site [duplicate]
  19. What is the best way to prevent session hijacking?
  20. Why is security through obscurity a bad idea? [closed]
  21. Allowing Java to use an untrusted certificate for SSL/HTTPS connection
  22. Will HTML Encoding prevent all kinds of XSS attacks?
  23. How to properly do private key management
  24. What is a retpoline and how does it work?
  25. How to pass the value of a variable to the standard input of a command?
  26. Best practices for server-side handling of JWT tokens [closed]
  27. How do I secure REST API calls?
  28. What are best practices for securing the admin section of a website? [closed]
  29. How can I hash passwords in postgresql?
  30. Has Hardware Lock Elision gone forever due to Spectre Mitigation?

Leave a Comment