Nebukad

asked on

How secure is http to https - versus http

Hi,

I am currently working on a website that needs to have some type of login to allow visitors to post data. First I assumed that I should use https for this site; however, the more I learn, the more it seems useless to use https.

For example, in Google, to log in you go through an https webpage. However, when you enter the search part of Google -> http://www.google.com, my computer sends a stored cookie in plain text which is used by Google to give me the possibilities to go to my account setting (btw experts-exchange.com and many other sites do the same). Couldn't this cookie be just as easily seen/hacked as if the login was done in plain http?

Since our website is not using any form of payment or stores any highly confidential information, I was wondering if there is any reason to use https.
MarioAlcaide

If you use https you will ensure that your data will be safe. If you don't need that much security, then don't use it; you will just make your system more difficult to implement and maintain.

That's my tip, regards.
ASKER CERTIFIED SOLUTION
abbright
Nebukad

ASKER

In experts-exchange I am automatically logged in based on my cookie, which is sent in plain text. I can alter my password without having to re-authenticate. To be secure a user should re-authenticate whenever changing sensitive data. Correct?
That's what I'd suggest. Anyway it is always up to the site to decide.
One option many sites use is to enter the old password in order to be able to change it. This is somewhat of a compromise between security and comfort.
Nebukad

ASKER

@abbright: Thanks for your information, I have a better understanding of how securing a site should work.
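
The two points raised in this thread, as an added example that is not part of any poster's reply: a session cookie marked `Secure` so the browser never sends it over plain http, and a password change that requires the old password even when the session is valid. The names `Account`, `session_cookie` and `change_password` are hypothetical, and the session check is reduced to a boolean for brevity.

```python
import hashlib
import hmac
import os
from http.cookies import SimpleCookie


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not reversible at a glance.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical in-memory account record used only for this example."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)

    def verify(self, password: str) -> bool:
        # Constant-time comparison of the stored and the candidate hash.
        return hmac.compare_digest(self.pw_hash, hash_password(password, self.salt))


def session_cookie(session_id: str) -> str:
    """Build a Set-Cookie value the browser will only return over https."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["secure"] = True    # never sent on http:// requests
    cookie["session"]["httponly"] = True  # not readable from page scripts
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def change_password(account: Account, session_valid: bool,
                    old_password: str, new_password: str) -> str:
    """Change the password only after the caller proves knowledge of the old one."""
    if not session_valid:
        return "login required"
    # A valid (possibly stolen) session cookie alone must not be enough.
    if not account.verify(old_password):
        return "re-authentication failed"
    account.salt = os.urandom(16)
    account.pw_hash = hash_password(new_password, account.salt)
    return "password changed"
```

A cookie carrying the `Secure` attribute is withheld by the browser on plain http pages, so a site that mixes http and https needs every page that relies on the session served over https.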