wood burning stoves 2.0*
The moose likes Ranch Office and the fly likes Java ranch not implemented in HTTPS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » This Site » Ranch Office
Bookmark "Java ranch not implemented in HTTPS" Watch "Java ranch not implemented in HTTPS" New topic
Author

Java ranch not implemented in HTTPS

chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 806

Hi everybody, I am Chaitanya, I see no HTTPS/SSL certificate for java ranch website while passing the user id and password credentials, is the site secure?

Sorry if I ask a wrong question.


Love all, trust a few, do wrong to none.
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9305
    
  17

Moved to the Ranch Office forum.

There are lots and lots of sites which I use which don't use HTTPS, I'm not concerned personally...


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 806

Hi Ankit, I just asked, I know that there are lots and lots of websites. Please don't mind.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
The concern is valid, though - it's not good practice to send passwords over plain HTTP.


Ping & DNS - my free Android networking tools app
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 806

I see the site is being frequently updated, hope in few months it will be done.

chetan dhumane
Ranch Hand

Joined: Jan 07, 2009
Posts: 629

Here we are not having any payment gateways implemented .
Why do you need https ?


http://www.androcid.com/
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10202
    
166

chetan dhumane wrote:Here we are not having any payment gateways implemented .

HTTPS is not just for sites which involve financial transactions. Ulf, in his previous reply already mentioned how HTTPS is relevant for a site like JavaRanch.

[My Blog] [JavaRanch Journal]
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 806

chetan dhumane wrote:Here we are not having any payment gateways implemented .
Why do you need https ?

we are submitting our login credentials, password is a sensitive information, if someone opens the packets and view it how then, he can do anything with my coderanch account.
Wouter Oet
Saloon Keeper

Joined: Oct 25, 2008
Posts: 2700

This is much easier than you think. I once used a package-sniffer, with a filter that allowed anything as long as it contained post data, on an unsecured network. Within a couple of hours I had a lot of logins and sensitive information. Of course I discarded the information I gathered.


"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." --- Martin Fowler
Please correct my English.
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 806

I think we can use wireshark to gather information.
Wouter Oet
Saloon Keeper

Joined: Oct 25, 2008
Posts: 2700

That is a package-sniffer. In fact that is the sniffer I used.
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 806

When I did my first project one of my friend said test it under wireshark, said that you have to go for a SSL certificate, from that time onwards I always check the url.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

It is a "good practice" to use HTTPS/TLS for any userid/password forms. And site that specializes in teaching how to program should lead a good example. So next time the site gets tweaked, it should be setup to use HTTPS for the login process.


Using TLS is necessary, but by no means sufficient, to make a site secure.
chaitanya karthikk
Ranch Hand

Joined: Sep 15, 2009
Posts: 806

Ya by doing so we can gain more attention and more users.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java ranch not implemented in HTTPS