Exactly how un-secure is this scenario, please note that I can't use SSL due to restrictions in the website application (yeah go figure!):
- We have a domain that is only known to the users who need to know
- The user will be inputing user name + password details into this site
How easy is it for someone to intercept the logging-in users credentials? Given that the url would not be known?
Like I say we would use SSL but the app does not work well under an SSL connection.