Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Why would a display-only web page be SSL-encrypted?
self

Posted on 02/11/2005 1:20:19 PM PST by rudy45

I have come across several web pages that do nothing but display information. These pages, however, are SSL-encrypted. That is, their address begins https rather than http, and I see the little padlock icon at the lower right.

I could understand the encryption if the page were asking for confidential/personal information. However, the web pages in this case don't do so. What is the reasoning behind the encryption, therefore? What is the downside, in addition to (?) slower performance (?).

Thanks.


TOPICS: Computers/Internet
KEYWORDS: computers; internet; webpage

1 posted on 02/11/2005 1:20:19 PM PST by rudy45
[ Post Reply | Private Reply | View Replies]

To: rudy45

Have you tried to access the same page after deleting the s from https in the address line? A lot of sites that use SSL don't limit what pages can be requested using SSL and therefore you can wind up accessing the entire site through SSL.


2 posted on 02/11/2005 1:48:34 PM PST by UseYourHead (Beware of the Rinos - McCain, Hagel, Lugar, and Specter)
[ Post Reply | Private Reply | To 1 | View Replies]

To: UseYourHead

Thanks for the idea. I deleted the "s", hit (enter), and found that the page refreshed and put the "s" back in.

It's "no skin off my nose," but I am just curious why someone would design a website this way. Am I correct that unnecessary SSL encryption can slow down performance in accessing the page? Why else would someone do it?

If you look e.g. at www.vanguard.com, you will see that some pages are http (general information) and some are https (the one that asks for user login).

Maybe the designers of the other pages are just careless, and put SSL in unnecessarily?


3 posted on 02/11/2005 2:46:36 PM PST by rudy45
[ Post Reply | Private Reply | To 2 | View Replies]

To: rudy45

Can you give us a URL of a page that is using SSL encryption unnecessarily?


4 posted on 02/11/2005 2:56:48 PM PST by So Cal Rocket (Proud Member: Internet Pajama Wearers for Truth)
[ Post Reply | Private Reply | To 3 | View Replies]

To: rudy45
... but I am just curious why someone would design a website this way. Am I correct that unnecessary SSL encryption can slow down performance in accessing the page? Why else would someone do it?

Most browsers will (should) poup a warning when you go from a SSL page to non-SSL. Encrypting all pages, even if they don't need it, keeps the user from having to dismiss the popup as they move around.

5 posted on 02/11/2005 3:04:56 PM PST by dread78645 (Truth is always the right answer)
[ Post Reply | Private Reply | To 3 | View Replies]

To: So Cal Rocket

Ha, I should have done it before.

https://acadtech.gwu.edu/

Notice all they do is display links to offices, staff etc. I do not see any input forms for personal/confidential data.


6 posted on 02/11/2005 3:33:06 PM PST by rudy45
[ Post Reply | Private Reply | To 4 | View Replies]

To: So Cal Rocket

Ha, I should have done it before.

https://acadtech.gwu.edu/

Notice all they do is display links to offices, staff etc. I do not see any input forms for personal/confidential data.


7 posted on 02/11/2005 3:34:05 PM PST by rudy45
[ Post Reply | Private Reply | To 4 | View Replies]

To: rudy45

Perhaps the owners of the page want to prevent IP hijacking and spoofing.


8 posted on 02/12/2005 5:09:12 PM PST by supercat (Michael Schiavo is trying to starve Terri not because she's dying, but because she ISN'T.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: supercat

Thanks. Could you elaborate? I appreciate it.


9 posted on 02/12/2005 5:43:34 PM PST by rudy45
[ Post Reply | Private Reply | To 8 | View Replies]

To: rudy45

//Thanks. Could you elaborate? I appreciate it.//

There are ways to hack IP routing so that requests which are supposed to go to one computer go instead to a different one. There have been countermeasures installed on much of the net, but there are probably still some pretty big security holes.

In order for your computer to initiate an https connection to www.somethingorother.com, the owner of somethingorother.com has to contact VeriSign or some other agency to receive a digitally-signed key that the site can use for communication. Unless VeriSign gives such a key to someone who is not authorized to use it, it will be impossible for someone to produce a squawk-free spoof site (unless they can break the associated cryptography or otherwise obtain a signed key). Anyone trying to connect to the spoof site would receive a warning that the site's https: information could not be validated.


10 posted on 02/12/2005 5:53:20 PM PST by supercat (Michael Schiavo is trying to starve Terri not because she's dying, but because she ISN'T.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: supercat

If I understand you, I believe you are saying that SSL encryption does more than ensure the security of information that is passed between systems. It also ensures that the site I want to connect to IS that site.

In that case, even though my site does nothing but display information, I would want to make sure that no one puts up a fake site to imitate mine, then redirect people to that fake site to give them wrong information?

Thanks.


11 posted on 02/13/2005 5:06:06 PM PST by rudy45
[ Post Reply | Private Reply | To 10 | View Replies]

To: rudy45
In that case, even though my site does nothing but display information, I would want to make sure that no one puts up a fake site to imitate mine, then redirect people to that fake site to give them wrong information?

Precisely.

12 posted on 02/13/2005 7:16:43 PM PST by supercat (Michael Schiavo is trying to starve Terri not because she's dying, but because she ISN'T.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: supercat

You are a GENIUS lol


13 posted on 02/13/2005 7:30:39 PM PST by rudy45
[ Post Reply | Private Reply | To 12 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson