[thelist] SSL/https question from non-techie

[Tara Cleveland]

Hi all you security-type people,

I have a question that is mostly out of curiosity...

I was under the impression that a form had to be SSL (with the lock and
https) in order to be properly secure. On my ISPs "secure" customer care
site they've got a form on a regular http page where you fill out your
username and password. The form *is* sent to an https page after you hit
submit. But wouldn't my username and password be sent non-securely (is that
a word?) from my machine to that https page? They claim it's secure, but
I've always been told that the info has to be sent from a secure page.

Just wondering...

Tara
--
Tara Cleveland
Web Design and Consulting
http://www.taracleveland.com