Where does Form Data go on Pop-up?

GoDaddy.com recently changed their website - disappointing like Yahoo - and one of the changes they made is how the log-in feature works.

Now when you click on the “Login” link on the Home Page, you get a Pop-Up Window (i.e. “Lightbox”) asking for an Account # and Password.

How do I know where my “Log-In Credentials” are going in that pop-up window, since there is no “Address Bar” associated with it?!

For all I know, I could be sending things over an UNENCRYPTED connection to someone in Nigeria?! :eek:

This whole new setup makes me very nervous… :shifty:

Sincerely,

Debbie

Not the most elegant solution; just view the source of the form using Firebug and look for the action attribute of the form. You can see it’s sending it to GoDaddy’s website using SSL.

That doesn’t change the fact that on the backend the data could be sent to someone in Nigeria. Any way you slice it once you give them the data GoDaddy could be sharing it with anyone including the government. Though that goes for any company really. It just comes down to trusting your provider.

You’re not following me…

On a normal website, you would click on the “Log-in” link, and be taken to another page (e.g. https://www.Debbie.com/log-in.php ) with a Web Form on that same page.

So when you submitted that form, you would be reassured that your Log-In Credentials were going directly from the web form at “log-in.php” to Debbie, Inc.'s servers. And, you would know that the data “in transit” was travelling safely over HTTPS.


With GoDaddy’s website, first of all, you start off on http://www.GoDaddy.com/# which is NOT secure.

Next, after clicking on the link, you get this Pop-Up Form and have no way of knowing if that Form is secure?! :-/

If you are on an unencrypted page to start with, and then you get a Pop-Up Form, would you trust that your Username/Password are being encrypted before they go to GoDaddy??

I wouldn’t!!

And GoDaddy provides no way to get around this new “cutesy” design… :mad:

That is my concern!!

Sincerely,

Debbie

GoDaddy’s login form is already acknowledged by security experts as hopelessly insecure: http://www.troyhunt.com/2013/05/your-login-form-posts-to-https-but-you.html

That’s actually not the case. Imagine that https://www.Debbie.com/log-in.php contains this HTML:

<form action="http://www.somewhere-else.com/somewhere-else.php">

Just because you’re viewing the form securely doesn’t mean that it’s submitting securely. Likewise, just because you’re viewing the form at log-in.php doesn’t mean that it’s submitting to that same place.

Unless you want to dive into the site’s code, you’ll need the browser to help you. Some browsers will give you the option to “Warn me before submitting insecure information.” But even that won’t always help. Sometimes – oftentimes, these days – forms aren’t submitted in the traditional way. Instead, JavaScript will often capture the form submit event and do special processing. Sometimes that processing includes sending a request to the server to check your login in an ajaxy way.

So, how then can you know ahead of time whether your submission will be secure? Probably you can’t. Sorry. Best you can do is to check after the fact by watching the network console.
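The check described in the post above, as an added example that is not part of the original thread: it resolves a form's action against the page URL and flags an HTTP-served page, an HTTP action, and a cross-origin action. Function names are hypothetical, and the sample page/action pairs are constructed from URLs quoted in this thread.

```javascript
// Added example; function names are hypothetical, sample inputs are
// constructed from URLs quoted in this thread.

// Compare where a form's page was served with where the form will post.
function checkForm(pageUrl, actionAttr) {
  const page = new URL(pageUrl);
  // A missing or empty action submits back to the page's own URL.
  const target = new URL(actionAttr || pageUrl, page);
  const findings = [];
  // Page over HTTP: markup and scripts can be altered before they reach you.
  if (page.protocol !== 'https:') findings.push('page-not-https');
  // Action over HTTP: the credentials themselves travel unencrypted.
  if (target.protocol !== 'https:') findings.push('action-not-https');
  // Different origin: the form posts somewhere other than the site shown.
  if (target.origin !== page.origin) findings.push('cross-origin-action');
  return { target: target.href, findings };
}

// Browser helper: in the developer console run auditPage(document, location.href).
// It reads only the static action attribute; a script that intercepts submit
// can still send the data elsewhere, so the network console stays the final check.
function auditPage(doc, pageUrl) {
  return Array.from(doc.forms)
    .filter((form) => form.querySelector('input[type="password"]'))
    .map((form) => checkForm(pageUrl, form.getAttribute('action')));
}

// Constructed samples: [page URL, form action attribute].
const SAMPLES = [
  ['https://www.Debbie.com/log-in.php', 'http://www.somewhere-else.com/somewhere-else.php'],
  ['http://www.godaddy.com/#', 'https://mya.godaddy.com'],
  ['https://idp.godaddy.com/login.aspx', 'login.aspx?target=https%3a%2f%2fmya.godaddy.com%2f'],
];

function runSamples() {
  return SAMPLES.map(([page, action]) => checkForm(page, action));
}

for (const result of runSamples()) {
  console.log(result.target, result.findings.join(', ') || 'ok');
}
```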

Good point.

That’s pretty screwed up!!!

I don’t understand what you mean??

So, back to my original post…

Would YOU trust GoDaddy’s Popup Login Form?? :-/

Sincerely,

Debbie

Did you see the link I posted? It answers your question.

What do you think, Jeff??

Your screenshot above seems to imply that the Log-In Popup is okay…

(Although that is a hell of a lot of work for “Jane User” to do to feel safe…) :rolleyes:

Ralph certainly doesn’t seem to be a fan of GoDaddy!! :lol:

Did you have some bad experiences with them in the past??

Maybe I would have been better posting this in the “Security Forum”??

I’d be really interested to know what any “security gurus” out there think about all of this…

Sincerely,

Debbie

The plot thickens…

I just found out from someone else that there is another way to login to your GoDaddy account here…

https://mya.godaddy.com

On the surface, it looks much better to me, but when I poke around using FireBug, I don’t even see an HTML Form?!

Apparently that Login Form uses all JavaScript to log a person in. That probably scares me even more than the Popup Login?! :eek:

What do you think??

Sincerely,

Debbie

I think ralph’s link is definitely worth watching and learning from. It talks about a security issue that isn’t often covered. Their premise is that the security of the submission isn’t all that matters, that sending the form itself must also be secure. Otherwise the form’s markup could be altered in transit, for example, to insert a script that logs your keystrokes.

Which of these logins would you trust more…

1.) http://www.godaddy.com/# with a Pop-Up Form which supposedly uses Java “in an out of the norm process for logging in to prevent malicious activities”

2.) https://mya.godaddy.com

Also, would you ever use GoDaddy to Host a website?? (I have a VPS with them currently).

For all of my bashing in this thread, there are some things that attracted me to, and have kept me with GoDaddy…

a.) All Staff based in U.S.

b.) All Servers based in U.S.

c.) Affordable Servers for someone on a “shoe-string budget”

d.) 24/7 Phone & Chat Access

(Yeah, I think a lot of their technical people are clueless, but for a beginner like me, the 24/7 access is in some ways as important as having access to “experts” 9-to-5, if you follow.)

I hate to let something like a Log-In Form make me upend my life, but it does bother me…

And the last thing I need is to have issues with my Virtual Private Server when I “go live” soon…

Thoughts?

Suggestions?

Sincerely,

Debbie

At least the second page is https protected, so that looks better to me.

Also, would you ever use GoDaddy to Host a website?? (I have a VPS with them currently).

In the past, I’ve always heard it’s not a good idea, as they are mainly a domain host. I’ve seen lots of people here having problems with various things like sending email, and it turns out that GD was limiting what they could do. However, things may have changed. Surely a VPS should give reasonable quality. I guess you should judge from the service you get. But there are thousands of good hosts in the US, so US-based is not much of a reason to choose GD on its own.

Would the fact that they don’t use an HTML Form - I didn’t even know you could do that - but instead entirely use JavaScript, freak you out as far as security goes?

In the past, I’ve always heard it’s not a good idea, as they are mainly a domain host. I’ve seen lots of people here having problems with various things like sending email, and it turns out that GD was limiting what they could do. However, things may have changed. Surely a VPS should give reasonable quality. I guess you should judge from the service you get. But there are thousands of good hosts in the US, so US-based is not much of a reason to choose GD on its own.

Who does SitePoint use to host this website?

And are there any U.S.-based web hosting companies that you’d recommend?

I’m looking for ones that are reasonably priced, yet deal with serious hosting (e.g. businesses, e-commerce).

Sincerely,

Debbie

There is actually a form there in the HTML. :slight_smile:

Who does SitePoint use to host this website?

Not sure, but some kind of cloud hosting I think—too complex for me.

And are there any U.S.-based web hosting companies that you’d recommend?

I used to use KnownHost. After a lot of research, I settled on them as the best and most cost-effective option for a VPS. After being with them for about 4 years, I can honestly say they were excellent, and I’d highly recommend them. The only reason I left them was because it’s slow uploading stuff from Australia to the US, so I decided to move to a local host.

Oops, I took a second look, and see I missed it in FireBug.

So, it looks like JavaScript determines the Action location, right? (But, of course, how would I know it is going to HTTPS other than assuming GoDaddy cares about security?!)

Must be a “secret”?! :wink:

I’ll have to check them out.

Sincerely,

Debbie

I don’t think so.

action="login.aspx?spkey=GDMYA4+-130117125906001&amp;target=https%3a%2f%2fmya.godaddy.com%2f"

Geesh, Ralph, you’re starting to make me think I need glasses!!! :o

You know, after poking around some more, it looks like both of the Log-In Forms above ultimately point to…


https://mya.godaddy.com

The difference, of course, is that it is better to type in this…


https://mya.godaddy.com

…and get re-directed here…


https://idp.godaddy.com/login.aspx?spkey=GDMYA4+-130117125906001&target=https%3a%2f%2fmya.godaddy.com%2f

…and then have the form submitted here…


https://mya.godaddy.com

…than it is to start here…


www.godaddy.com/#

…and then have the form submitted here…


https://mya.godaddy.com

Sincerely,

Debbie

…than it is to start here… http://www.godaddy.com

Yes, that’s the real problem.