Tuesday, May 25, 2010

American Express Network Security

Joe Damato:

So the action is to a handler at http://dailywish.amexnetwork.com/preid2.aspx?ct=7. The lack of https doesn’t make me feel very good.

The implication is that with JavaScript validators and Ajax, Safari’s lock in the title bar is not sufficient to tell you that the session is secure. And running a browser with JavaScript off is becoming less and less palatable.

Comments RSS · Twitter

Leave a Comment