Thread: A question about SSL secured authentication

Hello everyone,
I have developed a website which is hosted on, let's say, domain.com and I'm adding a third level domain for each company that wants to use its services. For instance I have:

company1.domain.com
company2.domain.com

and so on...
On each domain there is a login form which visitors use to authenticate themselves.

Now, I want to make the login process secure but I can't afford to buy a certificate for each subdomain or a wildcard certificate which are expensive, so I will just purchase an SSL certificate for the login.domain.com subdomain.

I don't want my visitors to actually see a redirection to login.domain.com before they can type in their username and password, what I want is to keep them able to log-in like they always did, from their preferred subdomain (ie. company1.domain.com).

Do you think just putting a form on an unprotected site (http://company1.domain.com), whose action attribute points to an SSL site (https://login.domain.com) will be enough to protect their username and password from sniffing?
Or does the form itself has to be placed on a https site?

<!--this is placed on a page on http://company1.domain.com-->
<form method="POST" ACTION="https://login.domain.com/login.aspx">
Username: <input type="text" name="username" value="">
Password: <input type="text" name="password" value="">
<input type="submit" value="Send">
</form>

Right after authentication, login.domain.com would redirect to the referrer (ie: from where the user came).

Bye, thanks.