Thread: http - how secure is it?
View Single Post
Old 29-09-2021, 12:07   #37
MikeyB
cf.geek
 
MikeyB's Avatar
 
Join Date: Jun 2003
Location: Swindon
Age: 52
Services: BT FTTP, Humax Foxsat HDR Freesat+
Posts: 810
MikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud ofMikeyB has much to be proud of
Re: http - how secure is it?
Quote:
Originally Posted by Rillington View Post
Thank you for the reply Mike.

So are you saying that there is a higher risk of browsing/downloading content from a site that does not use https?
No, HTTPS does not mean the contents (or the coding/backend security) of the site is any more secure than a site without HTTPS, they are two separate things completely.

HTTPS means that the data sent between your browser & the website is encrypted so no one else can snoop on it or tamper with it before it gets to you.

I would be wary of completing any form on a site with just HTTP as anything you put in is sent back to the server in text exactly as you put on the form. HTTPS will encrypt this.

---------- Post added at 12:07 ---------- Previous post was at 11:54 ----------

Quote:
Originally Posted by Dude111 View Post
But I just think its silly to block HTTP.. Its just scare mongering when we have been using HTTP all along and have been fine.....

This message on tapeheads speaks loudly of this

www.tapeheads.net/showthread.php?t=59798

Although he does have an SSL cert now but not many use it.
What absolute nonsense, there is no scare mongering about HTTPS.
HTTP is in no way secure, everything is sent in plain text, whereas HTTPS encrypts data, it's as simple as that.

As for that post you link to on tapeheads, I really don't know what to say.
First goes on about "compromise of your computer" well if your computer is compromised, HTTPS will not help you!

"At Tapeheads, everything you send and everything you receive is handled in plain, unencrypted text." well yes, if you don't use HTTPS then everything is transmitted & received unencrypted.

"We don't run a secure connection to users because we don't need to" so why do they have HTTPS as well now, and why are they not redirecting HTTP to HTTPS?

"Enabling an https connection adds overhead and complexity that's just not of any benefit whatsoever to anyone." No it doesn't, get a certificate (can be got for free) add it to your hosting, and setup an HTTP to HTTPS redirect, and it's a benefit to everyone

"The only possible ramification of this is that if a user is subject to a man-in-the-middle exploit, their login might be compromised" So they don't care if your login details get stolen whilst logging in, great site! one to stay away from!

And finally "secure connections break this version of vBulletin" Um, so update your software, easy!
MikeyB is offline   Reply With Quote