SearchStuff I have written/presentedLatest commentsUser login |
Is it secure or not?Submitted by gwolf on Wed, 06/25/2008 - 10:11
![]() Firefox 3 allowed me to grant an exception on a self-signed SSL certificate for penta.debconf.org. The connection is crypted... But it seems Firefox does not realize it
( categories: )
|
Random Acidfree itemsTalks, papers and documents by categoryBlog posts by categoryCurrent weatherMexico City
Wed, 02/08/2012 - 02:45 |
True, "Not encrypted" is
True, "Not encrypted" is wrong, and "partially encrypted" would better describe the connection.
But because the browser gets the images/css through a plaintext link, a lot of information can/will leak:
- the adress of the https page will be available in the clear (broweser submits it in the referer field)
- if the site encodes login&passwd in the URL (..?id=123&pass=456), this infocmation is available in plaintext too.
So, it may well be a lot safer to just encrypt the whole connection. So mutch so, that I can even understand firefox reports it as 'not encrypted'.
(I'm with you on the stupid 'do you really wan tot connect to the scammers that didn't pay big bucks to ssl cert providers, though)
Post new comment