Is it secure or not?

Submitted by gwolf on Wed, 06/25/2008 - 10:11
Is it secure or not?

Firefox 3 allowed me to grant an exception on a self-signed SSL certificate for penta.debconf.org. The connection is crypted... But it seems Firefox does not realize it

( categories: )
Anonymous's picture

True, "Not encrypted" is

Submitted by Anonymous (not verified) on Thu, 06/26/2008 - 02:15.

True, "Not encrypted" is wrong, and "partially encrypted" would better describe the connection.

But because the browser gets the images/css through a plaintext link, a lot of information can/will leak:
- the adress of the https page will be available in the clear (broweser submits it in the referer field)
- if the site encodes login&passwd in the URL (..?id=123&pass=456), this infocmation is available in plaintext too.

So, it may well be a lot safer to just encrypt the whole connection. So mutch so, that I can even understand firefox reports it as 'not encrypted'.

(I'm with you on the stupid 'do you really wan tot connect to the scammers that didn't pay big bucks to ssl cert providers, though)

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account associated with the e-mail address you provide, it will be used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <br> <b> <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <img> <h1> <h2> <h3> <tt> <pre> <strike> <table> <tr> <th> <td>
  • Lines and paragraphs break automatically.
  • Use <bib>citekey</bib> or [bib]citekey[/bib] to insert automatically numbered references.
  • Use [fn]...[/fn] (or <fn>...</fn>) to insert automatically numbered footnotes.
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>. The supported tag styles are: <foo>, [foo].

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Keep in mind that all comments will also have to be administrator-moderated. Don't waste your time writing a spam that no one will read.
Image CAPTCHA
Enter the characters shown in the image.