Is an https connection really all that safe?

ultimahosts

New member
As we know, HTTPS connections are often used for payment transactions on the web and for sensitive transactions in corporate information systems. I wonder if these kinds of connections are that safe?
 
HTTPS itself is safe and secure, but it's what people do with the information once it's collected that becomes the issue.

There's NOTHING safe about having an SSL-encrypted transaction on, say, submitting a form and then having that form sent via EMAIL in plain text to a party. Just like there's nothing safe about an SSL transaction that then stores the credit card information (in plain text) on a website database with an insecure password for people to get it if they hack the site.

Is a deadbolt on your front door safe? It depends on whether you left the windows open or a key under the mat. The process itself (when done correctly) is safe and secure, but there are so many other factors that just because a transaction online has a little gold lock, that doesn't mean that you're 100% protected should they have bad business practices in place.
 
Great analogies, Conor. That little gold lock reveals nothing about underlying business practices. If I'm on, say, Amazon, I feel safe. If I'm on howtohackwebsites.com, maybe not so safe. :)
 
I guess the only thing that would make me feel a little more comfortable would be a PCI Compliance or Security Scan by Comodo, McAfee, ControlScan or SecurityMetrics. Since they do active scanning (daily) on a site and you have to submit the business practice information, it at least makes the owners of the site aware of what they should or shouldn't do.

I'm not aware of any outside agency that actually does full testing to verify what the site is doing, how the data is secured, etc. With most of the scanning places that I've dealt with, it's just a form that the site owner fills out.

If anyone knows of an agency, please post.
 
It would be so great to have that sort of list in place! I wish there were a way to know what the business practices are on the other end. This is so often a problem with lots of businesses these days.
 
HTTPS connections do two things: they encrypt your data so that it is nearly impossible to sniff, and they provide an opportunity for your browser to validate that the website is who you think it is.
 