Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission + - HTTPS is more secure,so why isn't the Web using it 1

suraj.sun writes: HTTPS is more secure, so why isn't the Web using it?

You wouldn't write your username and passwords on a postcard and mail it for the world to see, so why are you doing it online? Every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection that's essentially what you're doing.

There is a better way, the secure version of HTTP — HTTPS. But if HTTPS is more secure, why doesn't the entire Web use it? Web security got a shot in the arm last year when the FireSheep network sniffing tool made it easy for anyone to detect your login info over insecure networks. That prompted a number of large sites to begin offering encrypted versions of their services via HTTPS connections.

ARS Technica: http://arstechnica.com/web/news/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it.ars
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

HTTPS is more secure,so why isn't the Web using it

Comments Filter:
  • You can self sign a certificate.
    However, SSL only works with IP based virtual hosting, not with domain name virtual hosting.
    You can have hundreds or thousands of http sites on one IP (depending on the hardware and connection) but only one https site or part of site.
    It means that to offer a https login service you need a dedicated machine and most people do not think it's worth to get a dedicated machine unless they earn money with the website or need to process credit cards and such.

"If the code and the comments disagree, then both are probably wrong." -- Norm Schryer