Secure login system insecurity

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Secure login system insecurity

Post by m3mn0n »

Am I the only one that thinks it's pointless having a secure login system for a site if the login page process is the only part of it that's secured via https?

I mean, if I was sitting on a network with a packet sniffer reading your packets, I would be screwed out of knowing your login details, but if you were to go and check your balance for example, or read your highly sensitive e-mail for example, that information would be readily available to me if I went ahead and read those packets.

So I could not get that info myself, but I could simply let you get it for me, but I am limited to only what you see.


Is this an example of poor system design, or is this acceptable? And if it is acceptable, why?
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Simple answer: it depends :)

Let's take this board as example. I wouldn't really mind if you with you best friend "1337 Packet Sniffer" were reading this post as it was submitted. Nor would I if you were reading those threads I read. But I would feel really badly if you were posting using my account.

Thus here we have the case where secure login is sufficient.
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

heh

Well, I really mean just in regards to a system where it's sensible and even required to use a secure login because of the information you securely view once logged in. Such as an e-mail account, auction site account, and etcetera.

I think just about all information that you could update on this site is publicly viewable (minus the password and various account configuration options).

So besides systems similar to this one, is it acceptable?
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

I think a lot comes down to privacy.

Your password is private.
A forum post is not private.
A bank balance is private.

If its private then it should not be capable of being intercepted and read by other people.

By that rule, email, auction information, etc that is deemed personal private information should be accessed via https if possible. Often though that can come down to user choice - how many click the SSL option when logging into their email account?
Post Reply