Hi everybody, I am Chaitanya. I see no HTTPS/SSL certificate for the JavaRanch website while passing the user ID and password credentials. Is the site secure?
chetan dhumane wrote: Here we are not having any payment gateways implemented.
HTTPS is not just for sites which involve financial transactions. Ulf, in his previous reply, already mentioned how HTTPS is relevant for a site like JavaRanch.
chetan dhumane wrote: Here we are not having any payment gateways implemented.
Why do you need HTTPS?
We are submitting our login credentials. A password is sensitive information; if someone opens the packets and views it, then he can do anything with my CodeRanch account.
This is much easier than you think. I once used a packet sniffer, with a filter that allowed anything as long as it contained POST data, on an unsecured network. Within a couple of hours I had a lot of logins and sensitive information. Of course I discarded the information I gathered.
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." --- Martin Fowler
Please correct my English.
When I did my first project, one of my friends said to test it under Wireshark and said that you have to go for an SSL certificate. From that time onwards I always check the URL.
It is a "good practice" to use HTTPS/TLS for any userid/password forms. And a site that specializes in teaching how to program should set a good example. So next time the site gets tweaked, it should be set up to use HTTPS for the login process.
Using TLS is necessary, but by no means sufficient, to make a site secure.