This may be a common question, but I didn't find it anywhere else on the forum (my search skills suck sometimes though)
Is login to Serendipity over http safe against eavesdroppers and packet sniffers or should I put Serendipity under my SSL webserver for admin logins?
I just started using tor http://tor.eff.org, and wondered if a malicious exit server operator might be able to pick up my login credentials over http.
I only login under ssl as a safe measure, but is it necessary?
Login security
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Login security
Hi!
Logging in via plain HTTP is always a security risk, no matter how strong the en/decryption by any application.
The only way to secure your login data is by using HTTPS, that's true.
Best regards,
Garvin
Logging in via plain HTTP is always a security risk, no matter how strong the en/decryption by any application.
The only way to secure your login data is by using HTTPS, that's true.
Definitely that would be possible. I don't know though if using SSL is a secure mean to this if you are using a TOR Proxy, but I guess so.I just started using tor http://tor.eff.org, and wondered if a malicious exit server operator might be able to pick up my login credentials over http.
Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/