View Poll Results: Secure or not? <Please refer to the first post>

Voters
3. You may not vote on this poll
  • Yes

    2 66.67%
  • No

    1 33.33%
Results 1 to 15 of 15

Thread: Secure or not? Your opinion...

  1. #1
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    229

    Question Secure or not? Your opinion...

    Hi, just want your opinion:

    By entering a site with the prefix 'https://', would you assume that the site is secure without looking at anything else (assuming that your browser doesn't alert you with any errors)?

    Thanks
    Last edited by sufyan; 17-09-2003 at 09:16 PM.

  2. #2
    Join Date
    Jul 2001
    Location
    eRakan.Net
    Posts
    118
    Rep Power
    225
    that site is NOT secure (yet), but the connection is (hopefully)

    ussually i will review their SSL Cert first. if everything is ok, then i will assume that my connection is secure (encrypted).

  3. #3
    Join Date
    Jan 2002
    Location
    SoObHanG JhaYa
    Posts
    501
    Rep Power
    227
    SSL(Secure Socket Layer) tu memang secure... tapi kena pastikan code kita tu(katakan PHP) tak mempunyai vulnerbility, kalau dak, secure camna pun connection ko tu, attacker leh gak buat menda nakal...
    <form name="jump">
    <select name="menu" onChange="location=document.jump.menu.options[document.jump.menu.selectedIndex].value;" style="border:1px #393F31 solid;color:#393F31;font:10px Verdana;font-weight:bold;" >
    <option value="0" style="background: #9CC8FE" selected>*SELECT-LINKS</option>
    <option value="http://www.gengturbo.org/" style="background: #FF0000">GENGTURBO</option>
    <option value="http://www.phixelgrafix.com/" target="new" style="background: #C6D607">PHIXELGRAFIX</option>
    <option value="http://dailydigital.phixelgrafix.com/" style="background: #FCBC45">OLD-BLOG</option>
    <option value="http://www.mesrahosting.net/" style="background: #FF99CC">WEBHOSTING</option>
    </select>
    </form>

  4. #4
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    229
    Thanks DingDang and Ben-davis

    ---
    Ben-davis: Ok, if we were to forget about the site (code) for a moment (our advisory board will go thru the program to ensure that there are no known flaws in the program) and just focus on the connection itself, would you assume that the connection is secure?

  5. #5
    Join Date
    Feb 2003
    Location
    Kluang, Johor
    Posts
    2,367
    Rep Power
    250
    more secure than normal connection.
    note that there is shared(normally shared hosting) and dedicated SSL(1 domain 1 IP).
    Shared SSL is less secure than dedicated one.

    btw, how do you define the 'secure' here? what do you want to protect?

  6. #6
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    229
    Originally posted by lcf
    more secure than normal connection.
    note that there is shared(normally shared hosting) and dedicated SSL(1 domain 1 IP).
    Shared SSL is less secure than dedicated one.

    btw, how do you define the 'secure' here? what do you want to protect?
    It's like this, for example, if you goto: https://69.57.144.192/ you'll get a security alert, because the name on the certificate doesn't match the name of the site. But if you goto: https://www.halalcube.com/ the name on the cert and the site matches and there is no security alert. By just going to a site starting with 'https://' (and assuming that there is no security alert), in your opinion, would you assume that the connection is secure?

    I know you should double click on the padlock icon to see the SSL cert information, but I just want your opinion on how much you trust a machine to tell you that it is (the browser) transmitting data securely just by the 'https://' prefix/protocol, that's the only reason why im asking this question. Thanks

  7. #7
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    229
    What i mean by secure here, is just basically encrypted communication between the user and the server.

    What do I wan't to protect? Basically a trading portal. When the project is launched, the site will enable buyers and seller of Halal products to trade online. For the first few months, we are just running it as an evaluation period (and subscription will be free). We won't be accepting any monetary transactions until we get our insurance and liability protection sorted out.

    This is like an ad now... haha

  8. #8
    Join Date
    Jan 2002
    Location
    SoObHanG JhaYa
    Posts
    501
    Rep Power
    227
    yup... secure,....
    <form name="jump">
    <select name="menu" onChange="location=document.jump.menu.options[document.jump.menu.selectedIndex].value;" style="border:1px #393F31 solid;color:#393F31;font:10px Verdana;font-weight:bold;" >
    <option value="0" style="background: #9CC8FE" selected>*SELECT-LINKS</option>
    <option value="http://www.gengturbo.org/" style="background: #FF0000">GENGTURBO</option>
    <option value="http://www.phixelgrafix.com/" target="new" style="background: #C6D607">PHIXELGRAFIX</option>
    <option value="http://dailydigital.phixelgrafix.com/" style="background: #FCBC45">OLD-BLOG</option>
    <option value="http://www.mesrahosting.net/" style="background: #FF99CC">WEBHOSTING</option>
    </select>
    </form>

  9. #9
    Join Date
    Jul 2001
    Location
    eRakan.Net
    Posts
    118
    Rep Power
    225
    ...sufyan. what do you think?

  10. #10
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    229
    Originally posted by DingDang
    ...sufyan. what do you think?
    Well... my opinion would be that I would trust secure connections based on the prefix/protocol of the URL for the reasons below. This is only my opinion and others may reasonably argue a different point of view.

    1) Only sites which can speak the 'SSL language' can use 'https://' as the prefix. So normal http requests can't request data from an SSL enabled port (https).

    Try visiting http://69.57.144.192:443/ (this is what you get when you try speaking plain HTTP to an SSL-enabled server port). It won't let you do anything, instead you get a 400 Bad Request error. The try the same IP:Port, but with the 'https' prefix, https://69.57.144.192:443/

    2) You can't just put 'https://' infront of any site and expect it to work - it doesn't work like that.

    3) 128 Bit encryption is strong - not the strongest, but strong. If you ever intercept one of these transmissions, there's a very strong chance that you would NOT be able to decrypt the cipher text without the key which was negotiated by the users browser and the server accepting the request. If you can break/decrypt this 128 Bit encryptions, you are one genius that created some algorithm and has an extremely fast computer... =)

    I think thats about it for now... Thanks for all your opinions...

    ---
    However, it is a good habit to check the SSL certificate just to be sure that everything is correct. But now days, most browsers will alert you if there is anything wrong with the ID of the site or the SSL cert.

  11. #11
    Join Date
    Feb 2003
    Location
    Kluang, Johor
    Posts
    2,367
    Rep Power
    250
    i will trust the connection.

    fact: Your customer will not notice it, and they will not know what the hell is the alert box or SSL.

    Your probably need to show something to prove your secure connection. Show to your customer that he/she is on secured connection.

  12. #12
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    229
    Any suggestions?

    The only thing I can think of is a notice before they login which shows the 'Secure Seal' generated by the CA.

    Thanks

  13. #13
    Join Date
    Feb 2003
    Location
    Kluang, Johor
    Posts
    2,367
    Rep Power
    250
    they will not understand it.
    u need to tell them that they are in secure connection, and a link to explain what is secure connection. Tell them they are safe in the connection.

    you have something like this:
    http://www.maybank2u.com.my/bottom_n...dex.shtml#data

    rite?
    beside the seal, say something like: "you are in secure connection now. Your data will be safe... bla.. bla.. " and invite them to click the seal for detail.

    just my 2 cent

  14. #14
    Join Date
    Oct 2002
    Location
    Johor
    Posts
    270
    Rep Power
    212
    SSL connection definately is secured, just that whether the site you are connection is a trustworthy site or not.
    Frederick Goh - www.frederickgoh.com

  15. #15
    Join Date
    Mar 2004
    Location
    Penang
    Posts
    61
    Rep Power
    191

    ...............

    I definitely would review the cert before I submit anything
    hehehehe
    also I would review their company information as well as address if they have one there or supporting materials to prove their existance. Sadly most of them do not have most of the stuff. But I still buy stuff from them as long as I feel I have to trust them to get it. But most of the times these are the issues I consider.
    <br><br><img src="http://www.virmedia.net/virmedia_newid.gif">

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How's Secure Your Web Hosting?
    By mizan in forum Paid Hosting Discussion Forum
    Replies: 30
    Last Post: 06-05-2010, 09:01 PM
  2. secure login page
    By honeyz in forum Website Programming
    Replies: 2
    Last Post: 10-03-2010, 12:50 PM
  3. JSP is more secure?
    By lcf in forum Website Programming
    Replies: 16
    Last Post: 11-06-2004, 06:23 PM
  4. secure system?? how??
    By joyce in forum Website Programming
    Replies: 7
    Last Post: 12-07-2002, 10:41 AM
  5. Write Secure Scripts with PHP 4.2!
    By tedbundyjr in forum Website Programming
    Replies: 3
    Last Post: 18-05-2002, 08:47 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Search Engine Optimization by vBSEO 3.5.0 RC1 PL1

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112