First step is to issue self-signed certificate. This was done to me. I declined it, but most people don't because they jstu want it to work. After that there are other ways, like serving http-components on https-page. Even Slashdot's HTTPS is currently broken, as it has parts that are http.
It is perfectly fine analogy. Most people don't know the implications of using non-secured WIFI. They aren't "yelling anyone to use their data", they (reasonably) think it wouldn't be possible because they don't know about it. Just like you might not know that some crook is stealing your credit card number.
Written by someone who obviously doesn't understand how https works. Your site URL is validated against a server-side certificate. The protocol starts with an exchange of public keys, then uses session keys for the session. This makes a man in the middle attack impossible.
Yeah, who here doesn't understand things. I live in a country that has been serving fake certs and other trickery even when trying to login to fucking Slashdot using HTTPS. If you believe that there is no way around or no tricks to use against users you are being unbelievable naive and/or idiot. Hell, even Slashdot allows this because it has non-https components even if you browse with https.
Slashdot Mirror
Yeah, you just continue to show clueless you are. Are you high or something?
Did it ever cross your mind that not everyone lives like you? Or lives as closely guarded in his home as you?
First step is to issue self-signed certificate. This was done to me. I declined it, but most people don't because they jstu want it to work. After that there are other ways, like serving http-components on https-page. Even Slashdot's HTTPS is currently broken, as it has parts that are http.
It is perfectly fine analogy. Most people don't know the implications of using non-secured WIFI. They aren't "yelling anyone to use their data", they (reasonably) think it wouldn't be possible because they don't know about it. Just like you might not know that some crook is stealing your credit card number.
Written by someone who obviously doesn't understand how https works. Your site URL is validated against a server-side certificate. The protocol starts with an exchange of public keys, then uses session keys for the session. This makes a man in the middle attack impossible.
Yeah, who here doesn't understand things. I live in a country that has been serving fake certs and other trickery even when trying to login to fucking Slashdot using HTTPS. If you believe that there is no way around or no tricks to use against users you are being unbelievable naive and/or idiot. Hell, even Slashdot allows this because it has non-https components even if you browse with https.
Go back to your noob-box and get some clue.