[Sussex] Switching from HTTP to HTTPS

Andy Smith andy at lug.org.uk
Tue Jan 23 23:47:02 UTC 2007


On Tue, Jan 23, 2007 at 07:33:54PM +0000, Colin Tuckley wrote:
> Brendan Whelan wrote:
> > Thank you all for the quick responses and useful information.
> > I will have a chat with the client tomorrow and see what they want to do. 
> 
> Going to https is probably overkill, why not just password protect that
> (sub)directory on the site?

Without https the password will generally be going over plain text
(barring some of the more unusual auth methods which frankly are more
trouble than just using https).

If there is any sensitive data in there then that's not good either.

The site is probably not insecure now, going via https with some
"nonsecure elements", it's most likely just the browser being
paranoid.  But it's good to get these things fixed as users don't
like surprises.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.lug.org.uk/pipermail/sussex/attachments/20070123/a88842c2/attachment.pgp 


More information about the Sussex mailing list