6 Aug
2011
6 Aug
'11
10:52 a.m.
On Sat 06 Aug 2011 13:39 +0200, Thomas Bächler wrote:
Alternatively: Do not display a login form on http, instead display a link "If you want to login, switch to a secure connection first.". This way, the user verifies the certificate and URL first (by looking at the URL bar), then enters his password.
I agree with this. As long as the rest of the site is functional via http.