[FX.php List] Is https from within and http page safe?
Steve Winter
steve at bluecrocodile.co.nz
Fri Jun 27 14:18:53 MDT 2014
Hi Tony
I agree with Troy (frankly only a fool wouldn't).
If the page is loaded via http then there is no way to guarantee that it hasn't been tampered with prior to its arrival in your browser. Both the origin and the destination must be encrypted for the transaction to be considered 'safe' (safe being an entirely relative term when it comes to the web ;-).
Happy Friday
Steve
Steve Winter
+44 777 852 4776
> On 27 Jun 2014, at 20:20, Tony White <tony_white at twdesigns.com> wrote:
>
> Hi Web Experts,
>
> Is https from within an http page safe?
> After reading this...
>
> Troy Hunt: SSL is not about encryption
> http://www.troyhunt.com/2011/01/ssl-is-not-about-encryption.html
>
> [begin excerpt]
> Exploiting the HTTP to HTTPS pattern
>
> The simplest way to illustrate the risk of this is by looking at a typical man-in-the-middle attack:
>
> The attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
> [end excerpt]
>
> ...I would say no.
>
> What do you say?
>
> TIA.
>
> <image.png>
>
> All the best,
>
>
> Tony White
> Tony White Designs, Inc.
> Tel: 646-714-2797 (Google Voice)
> Tel: 718-797-4175
> tony_white at twdesigns.com
> http://www.twdesigns.com
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.iviking.org/pipermail/fx.php_list/attachments/20140627/aaa858a3/attachment.html
More information about the FX.php_List
mailing list