why not have https for all sites
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||||||||||||||||||||
|
Posted by scott_doyland@johnlewis.co.uk on August 31, 2006, 11:01 am
Please log in for more thread options Hi, Ive just set myself up with wireless access at home to the internet and also decided to read a bit on public wireless AP's It seems that https is very secure when using a public AP. So why arent all sites just setup to use https, wouldnt that then take away the possibility of people sniffing any data sent. I know you'd still have to have other measures like a firewall to stop people trying to access your laptop. Regards, Scott | |||||||||||||||||||||||||||||||
|
Posted by John Navas on August 31, 2006, 11:10 am
Please log in for more thread options On 31 Aug 2006 08:01:25 -0700, "scott_doyland@johnlewis.co.uk" Puts a much greater load on the server, so it's typically only used when clearly needed. >wouldnt that then take
>away the possibility of people sniffing any data sent. Not entirely, but it would greatly improve security. >I know you'd still have to have other measures like a firewall to stop
>people trying to access your laptop. Yep. -- Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes> | |||||||||||||||||||||||||||||||
|
Posted by Ray Taylor on September 1, 2006, 5:15 am
Please log in for more thread options
I dont know all the exact details, but https is a very complicated system. As far as i know, it takes a lot of extra server processing power because of encryption, and digital certificates have to be purchased for the server which not everyone can afford. Also, many media rich sites use plugins such as flash and java and can conflict with the permissions of those plugins to run in secure modes compared to a more relaxed open mode on the clients computer. For these reasons, https is really only used for isp control panels, and internet banking etc where auctual losses can be made by someone intercepting your connection with the secure site you are visiting. I mean why go and purchase extra server processing power, a certificate and all the rest when you are only trying to give a site with advice on looking after cats. > Hi,
> > Ive just set myself up with wireless access at home to the internet and > also decided to read a bit on public wireless AP's > > It seems that https is very secure when using a public AP. > > So why arent all sites just setup to use https, wouldnt that then take > away the possibility of people sniffing any data sent. > > I know you'd still have to have other measures like a firewall to stop > people trying to access your laptop. > > Regards, > Scott > | |||||||||||||||||||||||||||||||
|
Posted by Bill Kearney on September 1, 2006, 10:17 am
Please log in for more thread options
> As far as i know, it takes a lot of extra server processing power because
of
> encryption, and digital certificates have to be purchased for the server
> which not everyone can afford. Right, and if you start using self issued certificates you start asking users to click "OK" to things they shouldn't be approving. Certs aren't free but I seem recall there are registrars that don't gouge "too much" for them. > Also, many media rich sites use plugins such as flash and java and can
> conflict with the permissions of those plugins to run in secure modes > compared to a more relaxed open mode on the clients computer. Well, this is a lousy excuse. But it wouldn't make much sense to push that sort of content over https anyway. It's best to use https for only the parts of the sessions that truly need it. Too many sites fail to do this properly. > I mean why go and purchase extra server processing power, a certificate
and
> all the rest when you are only trying to give a site with advice on
looking
> after cats.
True, unless there's some sort of sign-in or other information that "needs" to be kept encrypted it's rather a big waste to use https. -Bill Kearney | |||||||||||||||||||||||||||||||
|
Posted by John Navas on September 1, 2006, 10:29 am
Please log in for more thread options
On Fri, 1 Sep 2006 10:17:30 -0400, "Bill Kearney" >> As far as i know, it takes a lot of extra server processing power because of
>> encryption, and digital certificates have to be purchased for the server >> which not everyone can afford. >
>Right, and if you start using self issued certificates you start asking >users to click "OK" to things they shouldn't be approving. ... > >> Also, many media rich sites use plugins such as flash and java and can
>> conflict with the permissions of those plugins to run in secure modes >> compared to a more relaxed open mode on the clients computer. >
>Well, this is a lousy excuse. But it wouldn't make much sense to push that >sort of content over https anyway. It's best to use https for only the >parts of the sessions that truly need it. Too many sites fail to do this >properly. "Properly" is really an all or nothing proposition -- otherwise "you start asking users to click 'OK' to things they shouldn't be approving" (pages partly secure and partly insecure). -- Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes> | |||||||||||||||||||||||||||||||
| Similar Threads | Posted |
| why not have https for all sites | August 31, 2006, 11:01 am |
| how secure are https sites over wireless at a public library ? | June 4, 2006, 5:42 am |
| Connect to a https:// via wireless | July 28, 2006, 1:01 am |
| Safe to use https over unsecured wifi hotspot? | February 14, 2006, 1:42 pm |
| blocked sites | June 10, 2005, 5:25 am |
| Very Important Web Sites on the .Net | November 26, 2007, 3:35 am |
| Wireless not working with certain sites | November 29, 2005, 5:06 pm |
| Directory of Wap/Mobile Sites | December 9, 2007, 10:56 pm |
| Proxy sites list. | April 11, 2008, 1:21 am |
| Centralised Wirelss Across several sites? | July 2, 2008, 12:51 pm |
| Best Way for 2 Sites 200 feet line-of-sight?? | October 20, 2005, 12:43 am |
| Wireless network slow on some sites | February 1, 2008, 5:16 am |
| Laptop will not find Google sites when wireless | December 7, 2006, 1:43 am |
| Laptop will not find Google sites when wireless | December 7, 2006, 2:27 am |
| 74302 Great Sites for Computer and Internet Lovers | January 19, 2007, 8:40 am |
>also decided to read a bit on public wireless AP's
>
>It seems that https is very secure when using a public AP.
>
>So why arent all sites just setup to use https,