Login Forms

Baidu Tech Salon

Aug 6, 2014 · Information Security

Security Risks of Traditional vs. Fancy Login Boxes: HTTPS, XSS, and Cache Poisoning

While traditional login pages that redirect to HTTPS offer limited protection, modern floating login boxes embedded in insecure HTTP pages expose users to HTTPS‑downgrade attacks, XSS hijacking, and cache‑poisoning that can harvest credentials, making full‑site HTTPS the only reliable defense.