Mixed mode HTTP / HTTPS

If you don’t have time to read troyhunt’s full article on “The beginners guide to breaking website security with nothing more than a Pineapple”, then at least try and read the conclusion sections, and follow the link to “why it’s not ok to load login forms over HTTP even if they post to HTTPS”.

Finally, have a read of “5 ways to implement HTTPS in an insufficient manner (and leak sensitive data)”


~ by mdavey on September 30, 2013.

One Response to “Mixed mode HTTP / HTTPS”

  1. […] Mixed mode HTTP / HTTPS (Matt Davey) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: