Must logins be a https page

Question

Several security experts have said in the past that the login page should be on ssl https. So what if my login is a block that\'s displayed on all pages. Does that mean that

Answer 1

Even if you tried to put the login block in an iframe that uses https , a man-in-the-middle attack might change the src of that iframe easily , so you either make the loginbox a login link (with https login page) or you will need more resources to run your website with ssl for all webpages that has the login box ...