how to secure a website?

Toggle sidebar Toggle sidebar
Sort by date Sort by votes


to clean this up

you get the warning when you go to a website that's a HTTPS:// address, but has an expired security certificate (or doesn't have one at all), all browsers will warn you that the site, while claiming to be "secure" is not actually secure. They all will strongly advise you not to continue, due to the fact they don't know what you're doing on the website.

For example, if you're providing personal information, this site might be a "forgery" or "hacked" or "the wrong place" so you'd be giving your information away. If I went to my bank's website and got this error, i'd probably contact them by phone and find out what's going on.

The thing is, many pages are NEEDLESSLY secure. they don't ask for any personal information, nor do they even provide any, yet they're setup as HTTPS sites. When those certificates expire there typically is no impetus by the site owner to update it, as there is nothing important enough on the site to demand this. Many times servers will have internal intranet web pages as part of the windows software, which are all HTTPS sites for reasons only microsoft can explain, and of course there isn't a tech on the planet who'd bother to update the security certificate for a website no one uses or accesses.

heck, APC UPS devices also can have HTTPS internal web adresses which are HTTPS sites, and which inevitably have a security certificate which expires. There is nothing dangerous about checking the status of your UPS, so why the heck did APC decide to make this internal website a HTTPS site? no clue.

Ultimately you'll have to decide if there is cause for concern. Personally I'd only care about it if there is personal and or financial data being transmitted on that site
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom