Jump to content

HTTP insecure connection warning from browser

Lurker

By Lurker
in Off Topic

 Share

Recommended Posts

Lurker Veteran

Lurker

Posted
Posted

one day, if you access certain website with http connection, including this forum, you will get warning notice from browser that the website is insecure, :)

here the explanation :

Firefox 51, released today, and Chrome 56, have started describing some HTTP connections as insecure as they continue the industry-wide push to promote the use of encrypted HTTPS.

How Firefox will alter the address bar for HTTP pages with password forms.

 

The non-secure labelling will occur on pages delivered over HTTP that include forms. Specifically, pages that include password fields, and in Chrome, credit card fields, will put warnings in the address bar to explicitly indicate that the connection is not secure

One somewhat common older development practice was to place the password field on a page delivered by HTTP, with the form submitted to a location protected by HTTPS. This offers little security in practice, however. Pages delivered by HTTP can be readily modified by eavesdroppers, meaning that an attacker could simply choose to submit the password data to a destination of their choosing, instead of the intended HTTPS location.

The non-secure label should encourage to developers to reduce their use of HTTP and make the switch to HTTPS whenever sensitive data is being handled. Google's approach is arguably a little clearer than Firefox's; where Firefox will use a padlock icon with a red line striking it through to indicate that a connection isn't secure, Chrome will explicitly put "Not secure" in the address bar.

Further work is planned in both browsers to highlight the use of HTTP. A future version of Firefox will include a warning immediately adjacent to the password box itself whenever the page is delivered over HTTP, and Mozilla plans to use the struck through padlock icon for every HTTP page. Similarly, Google intends to eventually include the "Not secure" message in the address bar for all pages delivered over HTTP, whether they contain passwords or not.

so dont worry. bout that :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept

Disable-Adblock.png

 

If you enjoy our contents, support us by Disable ads Blocker or add GIS-area to your ads blocker whitelist

I Understand
Dismiss for now