Results 1 to 2 of 2
  1. #1
    Registered User
    Join Date
    Dec 2004
    Location
    Hay-on-Wye
    Posts
    64

    HTTPS - becoming compulsory?

    I wonder if anyone has any constructive thoughts on the rapidly growing Google-inspired move to make us all use https?

    Latest thing is a warning on my Blogger Blog:

    "This page contains HTTP resources that could cause mixed content, affecting security and user experience if the blog is viewed over HTTPS" - because I refer to my http website. It's an info only website - doesn't even carry adverts any more.

    What do you gain on such websites by using a secure server ?

    Here I reveal my ignorance - https means the data traffic between server and client is encrypted - right? How is that valuable outside a confidential / financial data scenario? Is the server any more secure against hacking / hijacking - on that I am unclear as I can't see how a certificate stops it - only my password strength / avoiding vulnerabilities on php etc help here ?

    John Crellin

  2. #2
    -- macscan's Avatar
    Join Date
    Aug 2003
    Location
    interesting question...
    Posts
    95
    HTTPS offers more useful things. For example you can be sure that there have been no MITM attacks to the page. You can validate that it is the actual server that is sending you the content and not someone else, or proxy server altering the data.

    It also stops ISPs adding there own scripts on to pages, which BT did for a while.

    In general however, you shouldn't require your downloads to be confidential to require SSL. It should just be available.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •