aspose file tools*
The moose likes Ranch Office and the fly likes Java ranch not implemented in HTTPS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » This Site » Ranch Office
Bookmark "Java ranch not implemented in HTTPS" Watch "Java ranch not implemented in HTTPS" New topic
Author

Java ranch not implemented in HTTPS

chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 800

Hi everybody, I am Chaitanya, I see no HTTPS/SSL certificate for java ranch website while passing the user id and password credentials, is the site secure?

Sorry if I ask a wrong question.


Love all, trust a few, do wrong to none.
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9280
    
  17

Moved to the Ranch Office forum.

There are lots and lots of sites which I use which don't use HTTPS, I'm not concerned personally...


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 800

Hi Ankit, I just asked, I know that there are lots and lots of websites. Please don't mind.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39549
    
  27
The concern is valid, though - it's not good practice to send passwords over plain HTTP.


Ping & DNS - updated with new look and Ping home screen widget
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 800

I see the site is being frequently updated, hope in few months it will be done.

chetan dhumane
Ranch Hand

Joined: Jan 07, 2009
Posts: 629

Here we are not having any payment gateways implemented .
Why do you need https ?


http://www.androcid.com/
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 9327
    
110

chetan dhumane wrote:Here we are not having any payment gateways implemented .

HTTPS is not just for sites which involve financial transactions. Ulf, in his previous reply already mentioned how HTTPS is relevant for a site like JavaRanch.

[My Blog] [JavaRanch Journal]
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 800

chetan dhumane wrote:Here we are not having any payment gateways implemented .
Why do you need https ?

we are submitting our login credentials, password is a sensitive information, if someone opens the packets and view it how then, he can do anything with my coderanch account.
Wouter Oet
Saloon Keeper

Joined: Oct 25, 2008
Posts: 2700

This is much easier than you think. I once used a package-sniffer, with a filter that allowed anything as long as it contained post data, on an unsecured network. Within a couple of hours I had a lot of logins and sensitive information. Of course I discarded the information I gathered.


"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." --- Martin Fowler
Please correct my English.
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 800

I think we can use wireshark to gather information.
Wouter Oet
Saloon Keeper

Joined: Oct 25, 2008
Posts: 2700

That is a package-sniffer. In fact that is the sniffer I used.
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 800

When I did my first project one of my friend said test it under wireshark, said that you have to go for a SSL certificate, from that time onwards I always check the url.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4637
    
    5

It is a "good practice" to use HTTPS/TLS for any userid/password forms. And site that specializes in teaching how to program should lead a good example. So next time the site gets tweaked, it should be setup to use HTTPS for the login process.


Using TLS is necessary, but by no means sufficient, to make a site secure.
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 800

Ya by doing so we can gain more attention and more users.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java ranch not implemented in HTTPS
 
Similar Threads
book giveaways
5 letter scrabble
Cool Names for Bands/Artists
WA #1.....word association
How to convert HashMap to JavaBean