Ask Leo! by Leo A. Notenboom

Is an https connection really all that safe?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » Internet

Comments

All Comments on: Is an https connection really all that safe?

Read the article that everyone's commenting on.
RSS feed Subscribe to the RSS Feed for comments on this article.

>Encryption is important because only you and the remote site can
>understand the data. Anyone in between ... say someone who's
>monitoring the information going to and from your computer ... sees only
>gibberish. It's an important way to keep your private data out of the
>hands of hackers and thieves.

If someone was monitoring my computer, how could https tell my computer what password to use to encrypt and decrypt the data without the person monitoring also getting the password?

Posted by: Ronny at September 9, 2005 1:05 PM

Because those passwords are never sent. Using something called public key cryptography, the sender can encrypt something with the public key that can only be decrypted by the private key. The private key is never shared, and is part of what the certification process validates. Obviously it's more complicated than that, but that's the basic idea.

Posted by: Leo at September 9, 2005 1:34 PM

Hey Leo, good read - thanks for your time. One question though - is the URL for a https site passed in cleartext over the internet, for example would this be bad? http://www.somedomain.com/login.asp?username=bob&password=apples

Posted by: Bob at December 8, 2005 1:33 AM

when a sniffer is active on the machine where the browser is launched (to visit a site say a bank site), & if the https is being used, the sniffer will not be able to catch the data supplied from the browser -correct?

Posted by: santosh at June 21, 2006 11:57 AM

If the sniffer is actually running on the machine with the browser, then all bets are off. It's effectively spyware and can see everything.

However a "sniffer" is typically a different computer "sniffing" the network, and https is the way to be safe.

Posted by: Leo at June 21, 2006 9:05 PM

thanks Leo my life just got easier can you recomend a survey web sit that pays.???? and when they say spam free is it really spam free???

Posted by: Daniel jenkins at September 12, 2007 7:53 AM

I have a additional question. I understand that SSL is used to encrypt data as it is sent on a wire. But if I'm using a non-encrypted wireless access point, am I venerable to have my data sniffed between my laptop and my WAP? I understand without wireless encryption the data is sent through the airwaves in plain text.

Posted by: Roland Gonzales at April 26, 2008 11:07 AM

Why don't you answer Bob's question?! I need to know! Are GET requests also encrypted?

Posted by: asdfasdfas at June 13, 2008 1:10 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bob's example goes to "http" so of course it would NOT be
encrypted.

That same example, to a server that supports "https" would
be encrypted.

What matters is that the URL of the page getting the
parameters, be it via a POST or a GET be an https URL.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIVUnKCMEe9B/8oqERAtd7AJ4xwKv/XGJLCt7cZVw5BsTgybqhmACfSgYT
7LBS5HM9loiRsrnjTZwerhY=
=swIp
-----END PGP SIGNATURE-----

Posted by: Leo at June 15, 2008 9:56 AM

In the office, is your chat still can be read by network administrator even by using https? Thanks Leo!

Posted by: Aditya at November 2, 2009 6:36 PM
Read the article that everyone's commenting on.
RSS feed Subscribe to the RSS Feed for comments on this article.
Post a Comment

To post a comment on "Is an https connection really all that safe?", please return to that article's main page.



Question? Ask Leo!

http://ask-leo.com/comments_002421.php

Copyright © 2003-2010 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure