Mixed mode HTTP / HTTPS
If you don’t have time to read troyhunt’s full article on “The beginners guide to breaking website security with nothing more than a Pineapple”, then at least try and read the conclusion sections, and follow the link to “why it’s not ok to load login forms over HTTP even if they post to HTTPS”.
Finally, have a read of “5 ways to implement HTTPS in an insufficient manner (and leak sensitive data)”
[…] Mixed mode HTTP / HTTPS (Matt Davey) […]
Dew Drop – September 30, 2013 (#1,634) | Morning Dew said this on September 30, 2013 at 2:41 pm |