How secure is http to https - versus http

Hi,

I am currently working on a website that needs to have some type of login to allow visitors to posts data. First i assumed that i should use https for this site, however the more i learn to more it seems useless to use https.

For example in google to login you go through a https webpage. However when you enter the search part of google -> http://www.google.com my computer sends a stored cookie in plain text which is used by google to give me the possiblilties to goto my account setting (btw experts-exchange.com and many other sites do the same) Couldn't this cookie be just as easily seen/hacked as if the login was done in plain http.

Since our website is not using any form of payment or stores any highly confidential information i was wondering if there is any reason to use https.
NebukadAsked:
Who is Participating?
 
abbrightCommented:
Using https is a good idea if you send passwords over the network as they cannot be intercepted in that case. When using http cookies are sent plaintext, as well, this is correct, but depending on the stuff you store on your server this may or may not be problem.
The difference between cookies and passwords is the following: passwords frequently are reused by people on different sites, so getting the password of someone may open the doors to other sites as well. Cookies are very site-specific and usually are not used for the sensitive parts but rather changing preferences or so.
0
 
MarioAlcaideCommented:
If you use https you will ensure that your data will be safe. If you don't need that much security, then don't use it, you will just make your system more difficult to implement and mantain.

That's my tip, regards.
0
 
NebukadAuthor Commented:
In experts-exchange i am automatically logged in based on my cookie which is send in plain text. I can alter my password without having to re-authenticate. To be secure a user should re-authenticate whenever changing sensitive data. correct?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
abbrightCommented:
That's what I'd suggest. Anyway it is always up to the site to decide.
0
 
abbrightCommented:
One option many sites use is to enter the old password in order to be able to change it. This is somewhat of a compromise between security and comfort.
0
 
NebukadAuthor Commented:
@abbright: Thanks for your information, i have a better understanding of how securing a site should work.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.