Login security

Random stuff about serendipity. Discussion, Questions, Paraphernalia.
Post Reply
latcarf
Regular
Posts: 25
Joined: Tue Apr 12, 2005 1:21 am
Location: Silicon Valley, CA
Contact:
Contact latcarf

Login security

Post by latcarf »

This may be a common question, but I didn't find it anywhere else on the forum (my search skills suck sometimes though) :wink:

Is login to Serendipity over http safe against eavesdroppers and packet sniffers or should I put Serendipity under my SSL webserver for admin logins?

I just started using tor http://tor.eff.org, and wondered if a malicious exit server operator might be able to pick up my login credentials over http.

I only login under ssl as a safe measure, but is it necessary?
Top
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:
Contact garvinhicking

Re: Login security

Post by garvinhicking »

Hi!

Logging in via plain HTTP is always a security risk, no matter how strong the en/decryption by any application.

The only way to secure your login data is by using HTTPS, that's true.
I just started using tor http://tor.eff.org, and wondered if a malicious exit server operator might be able to pick up my login credentials over http.
Definitely that would be possible. I don't know though if using SSL is a secure mean to this if you are using a TOR Proxy, but I guess so. :)

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Top
Post Reply

Return to “General discussions”