Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - HTTPS is more secure,so why isn't the Web using it 1

Submitted by suraj.sun
suraj.sun (1348507) writes "HTTPS is more secure, so why isn't the Web using it?

You wouldn't write your username and passwords on a postcard and mail it for the world to see, so why are you doing it online? Every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection that's essentially what you're doing.

There is a better way, the secure version of HTTP — HTTPS. But if HTTPS is more secure, why doesn't the entire Web use it? Web security got a shot in the arm last year when the FireSheep network sniffing tool made it easy for anyone to detect your login info over insecure networks. That prompted a number of large sites to begin offering encrypted versions of their services via HTTPS connections.

ARS Technica:"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

HTTPS is more secure,so why isn't the Web using it

Comments Filter:
  • You can self sign a certificate.
    However, SSL only works with IP based virtual hosting, not with domain name virtual hosting.
    You can have hundreds or thousands of http sites on one IP (depending on the hardware and connection) but only one https site or part of site.
    It means that to offer a https login service you need a dedicated machine and most people do not think it's worth to get a dedicated machine unless they earn money with the website or need to process credit cards and such.

Optimization hinders evolution.