We have McAfee Secure scanning our website and they're coming up with an alert for "Unencrypted Sensitive Form Detected". The pages and forms it is alerting me on are all pages that have the search and email subscription forms. I'm just wondering, can this be marked as a false positive or should the email form be encrypted? If it should be, where would I go to do that?
Thanks,
Wil
McAfee Secure Scan Alert
Re: McAfee Secure Scan Alert
We had a number of those as well. It is my understanding it is a bug with McAfee. I reported it as a false positive and they went away.wilhud wrote:We have McAfee Secure scanning our website and they're coming up with an alert for "Unencrypted Sensitive Form Detected". The pages and forms it is alerting me on are all pages that have the search and email subscription forms. I'm just wondering, can this be marked as a false positive or should the email form be encrypted? If it should be, where would I go to do that?
Thanks,
Wil
- jmestep
- AbleCommerce Angel
- Posts: 8164
- Joined: Sun Feb 29, 2004 8:04 pm
- Location: Dayton, OH
- Contact:
Re: McAfee Secure Scan Alert
Yes, we had that also on a contact form. If McAfee won't take the warning away, you would need to put that page under SSL.
Judy Estep
Web Developer
jestep@web2market.com
http://www.web2market.com
708-653-3100 x209
New search report plugin for business intelligence:
http://www.web2market.com/Search-Report ... -P154.aspx
Web Developer
jestep@web2market.com
http://www.web2market.com
708-653-3100 x209
New search report plugin for business intelligence:
http://www.web2market.com/Search-Report ... -P154.aspx
Re: McAfee Secure Scan Alert
Hi Judy,
The forms are on a lot of pages though. Is it possible to just have the form connect using SSL only when it posts? I would have to make our entire site SSL encrypted otherwise. That seems like it would be overkill for something that doesn't even really need to be encrypted. I can see encrypting email maybe, but not user searches for a mug or a dvd or something.
The forms are on a lot of pages though. Is it possible to just have the form connect using SSL only when it posts? I would have to make our entire site SSL encrypted otherwise. That seems like it would be overkill for something that doesn't even really need to be encrypted. I can see encrypting email maybe, but not user searches for a mug or a dvd or something.