Why is https so important?

J

judywb2022-03-17 19:58:42

Web servers

judywb, 2022-03-17 19:58:42

I just read information about authorization methods in web applications, and in the article there is such a method as "Forms authentication" and it says:
<<You need to understand that intercepting a session token often gives a similar level of access as knowing username / password. Therefore, all communications between the client and the server in the case of forms authentication should be made only over a secure HTTPS connection.>>

The question itself is: can an attacker, thanks to this method of authorization, somehow harm the application or the user, a sniffer that will already steal all the data

Link to the article: https://habr.com/ru/company/dataart/blog/262817/

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vladimir Korotenko, 2022-03-17
@firedragon

https complicates the access of 3 persons to the communication session. In addition, many technologies simply do not work through http; this is hardwired into the browser.
Interception and modification when using http is quite possible. Suppose an unscrupulous provider admin hangs an l7 filter on traffic and collects your logins and passwords