#1 2017-09-29 13:31:28

garry
Administrator
Registered: 2017-09-27
Posts: 25

HTTP vs HTTPS

For those that are afraid to use a site that is not https, like this one , if you do some research you will find that just because it is "https", does
not mean it really is secure.  This site is secure, however I do not use https. In any event, one should keep in mind, it is a public forum / website,
This does mean viewable by general public, so obviously you should not post or submit anything that you do not want the public to see.
Or any kind of sensitive data,... If and when you join , a randomly generated password is sent to you, you should change that password , in your profile settings when you log in for your first time. Obviously, but guess it is still best to say,.. DO NOT use  the same password you use for sensitive sites,  for example, you should not use the same password you use to access your bank, or something,...that would be just plain foolish. A little common sense goes a long way.  In any event, the passwords are not stored anywhere on the system, if you lose the password or forget it, there is nothing I can do,... you would need to create a new one, and there are hoops to jump through to do that.
===========================================================================
Below are some articles I found interesting.
   And just because a site uses https, does not make it secure,...https is mostly a gimmick, being promoted to make money selling certificates,.....hopefully the
"free certificates" maybe bring a end to that,
   I found some interesting things, ....of course the "https" promoters won't like
this , but ,........ anyway:

From: https://perezbox.com/2015/07/https-does … r-website/

The actual act of securing a website is a very complex process. HTTPS does not stop attackers from hacking a website, web server or network. It will not stop an attacker from exploiting software vulnerabilities, brute forcing your access controls or ensure your websites availability by mitigating Distributed Denial of Services (DDOS) attacks.
Here are a number of articles I’ve written that better explain the dynamic nature of securing your websites, and what happens when you don’t. Notice how HTTPS has very little to do with the process. ---snip---
To prove this point, you can see various examples in recent history in which several entities had their certificates spoofed. In 2014, Threatpost reported that a number of popular entities were having theircertificates spoofed:---- read more-- 

-----------------------------------
Another:

Why HTTPS and SSL are not as secure as you think
=================

Offline

Board footer

Powered by FluxBB