Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Java ranch not implemented in HTTPS

 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everybody, I am Chaitanya, I see no HTTPS/SSL certificate for java ranch website while passing the user id and password credentials, is the site secure?

Sorry if I ask a wrong question.
 
Ankit Garg
Sheriff
Posts: 9521
22
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Moved to the Ranch Office forum.

There are lots and lots of sites which I use which don't use HTTPS, I'm not concerned personally...
 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ankit, I just asked, I know that there are lots and lots of websites. Please don't mind.
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The concern is valid, though - it's not good practice to send passwords over plain HTTP.
 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I see the site is being frequently updated, hope in few months it will be done.

 
chetan dhumane
Ranch Hand
Posts: 641
Android Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here we are not having any payment gateways implemented .
Why do you need https ?
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
chetan dhumane wrote:Here we are not having any payment gateways implemented .

HTTPS is not just for sites which involve financial transactions. Ulf, in his previous reply already mentioned how HTTPS is relevant for a site like JavaRanch.
 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
chetan dhumane wrote:Here we are not having any payment gateways implemented .
Why do you need https ?

we are submitting our login credentials, password is a sensitive information, if someone opens the packets and view it how then, he can do anything with my coderanch account.
 
Wouter Oet
Saloon Keeper
Posts: 2700
IntelliJ IDE Opera
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is much easier than you think. I once used a package-sniffer, with a filter that allowed anything as long as it contained post data, on an unsecured network. Within a couple of hours I had a lot of logins and sensitive information. Of course I discarded the information I gathered.
 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think we can use wireshark to gather information.
 
Wouter Oet
Saloon Keeper
Posts: 2700
IntelliJ IDE Opera
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That is a package-sniffer. In fact that is the sniffer I used.
 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When I did my first project one of my friend said test it under wireshark, said that you have to go for a SSL certificate, from that time onwards I always check the url.
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is a "good practice" to use HTTPS/TLS for any userid/password forms. And site that specializes in teaching how to program should lead a good example. So next time the site gets tweaked, it should be setup to use HTTPS for the login process.


Using TLS is necessary, but by no means sufficient, to make a site secure.
 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ya by doing so we can gain more attention and more users.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic