dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1221

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI
TP-Link Archer C7
Linksys WRT54GS
Linksys WRT54G v4

1 edit

Bill_MI

MVM

[request] Forum List SSL

A quick look around DSLR says the only non-SSL portions are the graphics/pictures (not a security biggy) and the forum message lists.

The forum message lists seems to be the big stopper for staying SSL throughout. The link to them from an SSL page indicates they will be SSL... but a redirect happens.

Did I miss anything else? Any plans to make DSLR all-SSL capable?
evoxllx
join:2007-06-07
Winter Park, FL

1 recommendation

evoxllx

Member

Re: Forum List SSL

said by Bill_MI:

non-SSL portions are the graphics/pictures (not a security biggy)

It's actually a pretty big security issue.

Doesn't matter what it is if anything on an https page isn't https that's essentially breaking the entire point of it.

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI

Bill_MI

MVM

Sure, on a banking site. For general obfuscation on a modern collision domain (like wifi) the information leakage is minimal.
evoxllx
join:2007-06-07
Winter Park, FL

1 recommendation

evoxllx

Member

said by Bill_MI:

Sure, on a banking site. For general obfuscation on a modern collision domain (like wifi) the information leakage is minimal.

It's not really about information leakage so much as getting your entire page hijacked or modified if even one element is not going over https.

This is a trivial thing to do nowadays with all the automated tools and such.