• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 267
  • Last Modified:

Login form - packet sniffer

Does my web site login have to be on a secure server or otherwise be easily vulnerable to hackers? I noticed some big name web sites logins are not on a secure server, so does the mean they are risking packet sniffers hackers?

How much risk is there not having your login on a secure server?

1 Solution
Most of that would depend on where the server is housed. Most servers are hooked to switches now rather then hubs, so the sniff could only happen on that particular link or they'd have to sniff the traffic into the main switch. If the server is located in a trustworthy datacenter, they won't have employees trying to sniff your server traffic. The important thing is to lock down your server so someone doesn't run the sniffer on your own box. You won't have much control over the client side being sniffed, but you can secure your own side (server).
Depends on where you're sniffing from. You'd have to sniff somewhere between the user and the location of the server itself. SSL is intended to make that hard for someone trying to be somewhere in the middle by encrypting the data. But here's the major question: what is the value of the data being transmitted? You don't want to spend too much more than what it's worth protecting it.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now