Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

https:


  • Please log in to reply
4 replies to this topic

#1 philfil

philfil

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:18 AM

Posted 22 April 2014 - 02:13 PM

If the URL of a website is preceeded by https:, what is encrypted? Is the entire site encrypted or simply data entered into the site such as passwords, etc?



BC AdBot (Login to Remove)

 


m

#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,286 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:05:18 PM

Posted 22 April 2014 - 02:18 PM

See here: http://en.wikipedia.org/wiki/HTTP_Secure

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 philfil

philfil
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:18 AM

Posted 22 April 2014 - 02:26 PM

Thanks.

 

"Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety of the underlying HTTP protocol can be encrypted."

 

That bit surprises me, but it anwers the question. :tophat:



#4 Kilroy

Kilroy

  • BC Advisor
  • 3,284 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:07:18 PM

Posted 22 April 2014 - 03:04 PM

This is a large part of the possible security issues you can have.

 

A site must be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance.

 

Just because the site is HTTPS doesn't mean everything you're accessing is secure.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:18 PM

Posted 22 April 2014 - 05:47 PM

Expanding on RKilroy's comment.

By default, Internet Explorer interrupts the download of mixed webpage content on secure HTTPS pages which includes nonsecure images or any embedded resources not using the HTTPS protocol. Internet Explorer also displays a confirmation dialog whenever it detects the use of mixed content on a secure page. This warning action is a safety feature because there are malicious sites which mix secure and insecure content in order to trick folks into revealing personal information (i.e. passwords, financial pin numbers, etc) on the wrong page. Although, these messages can be annoying, disabling the alerts can be risky.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users