2019-09-23 11:44:50

Hi!
So I wondered if someone could clarify something about https requests for me.
Now, I understand that https is http that is secured using a secure socket layer.
But does that only apply to traffic done through a browser?
For example, if I did something like this:
import requests
# Form fields are passed as a dict and sent in the POST body
data = {"username": "bob", "password": "mypassword"}
requests.post("https://mydomain.com/login.php", data=data)

Is that then covered by https, and thus okay to do?
I understand it's very ill-advised to transmit passwords over networks, but it surely must be done; how else does one log into anything?
Thanks.

Nathan Smith
Managing Director of Nathan Tech
It's not disability
It's ability!

2019-09-23 14:28:23 (edited by Ethin 2019-09-23 14:32:41)

No, all traffic submitted through HTTPS is encrypted no matter what client you're using. A client is any program (including your web browser). The only thing that is not enforced in non-web browser clients is HTTP strict transport security, which is something (I'd say) that needs to change. (If your site has HSTS enabled, it requires that all traffic is secured and encrypted. I would encourage everyone who's transitioning to HTTPS-only to get it; it prohibits people from visiting insecure versions of your site and submitting data there. Yes, an HTTP redirect can be set up, but HSTS enforces this requirement even if a redirect is not set up, and anything that makes your site insecure (i.e. invalid certificates or certificate parameters) makes your site impossible to connect to until the problem is resolved. At least, for web browsers, at any rate. This is because HSTS sites are hard-coded into your browser; once that's done, it will be impossible to connect to insecure setups on your domain (or any sub-domains if you set it up that way).)

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.
My Github
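Added example, not part of the thread: a minimal client-side HSTS cache that a script could consult before each request, since the reply above notes that non-browser clients do not enforce HSTS. The names `parse_hsts` and `HSTSCache` are hypothetical, `mydomain.com` is the placeholder from the first post, and port rewriting and preload lists are left out as simplifications.

```python
import time
from urllib.parse import urlsplit, urlunsplit

def parse_hsts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        key = name.strip().lower()
        if key == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None  # a malformed policy is ignored entirely
        elif key == "includesubdomains":
            include_sub = True
    # max-age is mandatory; without it there is no policy
    return None if max_age is None or max_age < 0 else (max_age, include_sub)

class HSTSCache:
    def __init__(self, clock=time.time):
        self._hosts = {}  # hostname -> (expiry timestamp, include_subdomains)
        self._clock = clock

    def note_response(self, url, headers):
        """Record the policy from a response; it only counts when seen over https."""
        parts = urlsplit(url)
        policy = parse_hsts(headers.get("Strict-Transport-Security", ""))
        if parts.scheme != "https" or policy is None or not parts.hostname:
            return
        max_age, include_sub = policy
        if max_age == 0:
            self._hosts.pop(parts.hostname, None)  # max-age=0 clears the entry
        else:
            self._hosts[parts.hostname] = (self._clock() + max_age, include_sub)

    def _is_known(self, host):
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # a parent domain's policy applies only with includeSubDomains
            if entry and entry[0] > self._clock() and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, url):
        """Rewrite http:// to https:// for hosts with an unexpired policy."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self._is_known(parts.hostname):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url
```

With `requests`, one would call `cache.upgrade(url)` before sending and `cache.note_response(resp.url, resp.headers)` afterwards; the cache lives only as long as the process unless it is persisted.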

2019-09-23 14:49:37

Thanks Ethin for clearing that up.

Nathan Smith
Managing Director of Nathan Tech
It's not disability
It's ability!