Secured Page

[ozman]

I just noticed today that sott.net is a secure page.Im wondering why this is?Can somebody explain why this is a secure page?

Thanks
Oz

 

[Gawan]

Maybe it is really simple firsthand, to make the activities of a logged in user more secure. ;)

Here is a description:

Even when it comes to e-mail, g-mail, any-mail… and more, including in the cloud Imagine your attic has an extra door that you share with a nosy neighbor. Usually it stays closed (the door, of course). Closed doesn't (always) mean locked. Because neither you nor the neighbor has the key. You assume that your neighbor doesn't sneak in your house, but how would you be able to tell if you are down in the living and the upstairs door is open (not locked)?

This is pretty much the principle that led to the HTTPS (Hyper Text Transfer Protocol Secure) - to protect you and your data from nosy people (not necessarily limited to your neighbors).

HTTPS stands for the use of an ordinary HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When a user connects to a Web site via HTTPS, the Web site encrypts the session with a digital certificate, and establishes a secured connection which makes it impossible for a third party to eavesdrop.

Why should that be so important? Coming back to the nosy neighbor, would you like to have him in upstairs when you call at the bank to check your balance and have to go through that procedure where you recite you name, address, card number, password and so on? Probably not. HTTPS is the protocol you would like to use when you check your e-banking and e-commerce account or when you purchase goods and services on-line. But what about e-mail?

_http://www.malwarecity.com/blog/why-https-is-always-good-for-you-467.html

Also this article is from 2009 and things have changed further and https is not only restricted for email, bank accounts… anymore and many 'normal' websites having it as well. So that not unauthorized people (third parties, eavesdropper etc.) can view your communication with a web server.

 

[Scottie]

I just noticed today that sott.net is a secure page.Im wondering why this is?Can somebody explain why this is a secure page?

Thanks
Oz

If you are logged in, you will be forced to use HTTPS until you log out. The reason is that if only login is secured, then each time you access SOTT as a logged-in user, the server and your browser pass cookies back and forth over an insecure connection for every single request/response. This means that someone could eavesdrop (say, if you're using public and/or improperly secured WiFi), grab your cookie, stick it in their browser, and effectively be logged in as you on SOTT.

The way we do it is not "100%" secure like a bank web site, but then we're not a bank.

After some hack attacks in recent times, it seemed like a good thing to do. It's just one more precaution to make it harder for the bad guys to cause us grief.

 

[ozman]

Well ok I didnt really think of it on that level,I never put it together that it only happened when I logged in.
Thanks for clearing that up for me.