Eve can throw a big party.
This is scary. Regardless of the fact that HTTPS, the solution to
this problem, has been available since 1996, there is still a surprising
number of naïve (or malicious) websites that will treat
valuable information as described here. The average user does
not run sniffers to see what browser traffic really looks like, so
this kind of negligence is largely unnoticed. We come back to
this topic in the “Babel of Web User Interfaces” section.
HTTPS
As e-commerce gained momentum, it became painfully clear
that HTTP didn’t provide acceptable levels of security for payments
and transactions containing sensitive data. For this reason,
in 1996, Netscape Communications Corporation proposed a
more secure way of handling HTTP traffic. The new system,
known as HTTPS, encrypts the exchanges between a browser
and a Web server so that man-in-the-middle attacks can be
deflected. This important enhancement is made possible by the
use of certificates.

Figure 1-11 The HTTP POST of Alice’s credentials

HTTP is a very insecure way of transmitting and receiving data

HTTPS leverages certificates for encrypting HTTP traffic

50 The Problem