dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1189
share rss forum feed


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

1 edit

[request] Forum List SSL

A quick look around DSLR says the only non-SSL portions are the graphics/pictures (not a security biggy) and the forum message lists.

The forum message lists seems to be the big stopper for staying SSL throughout. The link to them from an SSL page indicates they will be SSL... but a redirect happens.

Did I miss anything else? Any plans to make DSLR all-SSL capable?

evoxllx

join:2007-06-07
Winter Park, FL

1 recommendation

Re: Forum List SSL

said by Bill_MI:

non-SSL portions are the graphics/pictures (not a security biggy)

It's actually a pretty big security issue.

Doesn't matter what it is if anything on an https page isn't https that's essentially breaking the entire point of it.


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Sure, on a banking site. For general obfuscation on a modern collision domain (like wifi) the information leakage is minimal.

evoxllx

join:2007-06-07
Winter Park, FL

1 recommendation

said by Bill_MI:

Sure, on a banking site. For general obfuscation on a modern collision domain (like wifi) the information leakage is minimal.

It's not really about information leakage so much as getting your entire page hijacked or modified if even one element is not going over https.

This is a trivial thing to do nowadays with all the automated tools and such.