Recent Posts

    Authors

    Published

    Tag Cloud

    HTTPS versus HTTP, the debate is over.

    Now days there is no excuse, just use HTTPS everywhere.


    SSL is secure socket layer  ie. HTTPS:// instead of HTTP://

    Every web page that is sent via HTTP:// is in plan text and can easily be intercepted or even changed via what is know as "man in the middle" or "man on the side" attacks.

    Mobile network provides often  "improve" HTTP web pages by injecting their own scripts & images, often these unwanted "improvements" break the page being served. HTTPS prevents the carriers from being able to inject their own content.

    Even when you only access the system via an intranet the setting up SSL is so simple and really is the FIRST step in any security that it's almost a mandatory step.

    The old argument against httpS:// was that it was slower but that was in the days of slow machines how in many cases httpS:// is actually faster because of the hard work Google has done improving httpS:// as there is no method of securing http:// the protocol hasn't been enhance.

    For a performance comparison ( most favourable to HTTPS ) see httpvshttps.com/