Helping people with computers... one answer at a time.
Read the article that everyone's commenting on.
>Encryption is important because only you and the remote site can
>understand the data. Anyone in between ... say someone who's
>monitoring the information going to and from your computer ... sees only
>gibberish. It's an important way to keep your private data out of the
>hands of hackers and thieves.
If someone was monitoring my computer, how could https tell my computer what password to use to encrypt and decrypt the data without the person monitoring also getting the password?
Because those passwords are never sent. Using something called public key cryptography, the sender can encrypt something with the public key that can only be decrypted by the private key. The private key is never shared, and is part of what the certification process validates. Obviously it's more complicated than that, but that's the basic idea.
Hey Leo, good read - thanks for your time. One question though - is the URL for a https site passed in cleartext over the internet, for example would this be bad? http://www.somedomain.com/login.asp?username=bob&password=apples
when a sniffer is active on the machine where the browser is launched (to visit a site say a bank site), & if the https is being used, the sniffer will not be able to catch the data supplied from the browser -correct?
If the sniffer is actually running on the machine with the browser, then all bets are off. It's effectively spyware and can see everything.
However a "sniffer" is typically a different computer "sniffing" the network, and https is the way to be safe.
thanks Leo my life just got easier can you recomend a survey web sit that pays.???? and when they say spam free is it really spam free???
I have a additional question. I understand that SSL is used to encrypt data as it is sent on a wire. But if I'm using a non-encrypted wireless access point, am I venerable to have my data sniffed between my laptop and my WAP? I understand without wireless encryption the data is sent through the airwaves in plain text.
Why don't you answer Bob's question?! I need to know! Are GET requests also encrypted?
-----BEGIN PGP SIGNED MESSAGE-----
Bob's example goes to "http" so of course it would NOT be
That same example, to a server that supports "https" would
What matters is that the URL of the page getting the
parameters, be it via a POST or a GET be an https URL.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
-----END PGP SIGNATURE-----
In the office, is your chat still can be read by network administrator even by using https? Thanks Leo!
To post a comment on "Is an https connection really all that safe?", please return
to that article's main page.
Question? Ask Leo!
The Tip Jar: Buy Leo a Latte!
By Date |
Business Card |
Advertisements do not imply my endorsement of any product or service.
Copyright © 2003-2013 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure