| || |
7th May 2016, 05:46 PM #1
HTTPS - becoming compulsory?
I wonder if anyone has any constructive thoughts on the rapidly growing Google-inspired move to make us all use https?
Latest thing is a warning on my Blogger Blog:
"This page contains HTTP resources that could cause mixed content, affecting security and user experience if the blog is viewed over HTTPS" - because I refer to my http website. It's an info only website - doesn't even carry adverts any more.
What do you gain on such websites by using a secure server ?
Here I reveal my ignorance - https means the data traffic between server and client is encrypted - right? How is that valuable outside a confidential / financial data scenario? Is the server any more secure against hacking / hijacking - on that I am unclear as I can't see how a certificate stops it - only my password strength / avoiding vulnerabilities on php etc help here ?
1st November 2016, 09:56 PM #2
HTTPS offers more useful things. For example you can be sure that there have been no MITM attacks to the page. You can validate that it is the actual server that is sending you the content and not someone else, or proxy server altering the data.
It also stops ISPs adding there own scripts on to pages, which BT did for a while.
In general however, you shouldn't require your downloads to be confidential to require SSL. It should just be available.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)