On a practical point of view, an HTTPS site with a warning on the certificate is worse than a plain HTTP site. However, it is quite rare that a reading-only site goes to the trouble of setting up SSL and a certificate. As long as you only browse, reading data but not sending anything, and not especially trusting what you read, then you can ignore the warning. On a theoretical point of view, an HTTPS site with a warning on the certificate is no better, but no worse either, than a plain HTTP site. TL DR: Unless you know exactly what is going on, my advice is to not click through but rather properly resolve the issue. The connection could still be hijacked, but doing this from outside the network is only possible if the firewall / router is compromised (and when that happens, you have other things to worry about). logging into the server and checking it there): as seen from the client, it must match the known certificate as installed on the server.
When you're not sending or receiving any confidential data, such as passwords or credit card details note that cookies containing session IDs etc.That said, there are a few situations where it is relatively safe to click through the warning: If you click through an unverified or untrusted certificate, this is what you are risking - the communication will still be encrypted, but the server you're talking to may not be legit. Note that points 1 and 2 are worthless unless 3 is intact: if someone else can impersonate the originator of a message, then encrypting it does nothing but prevent yet another attacker from hacking your already-compromised communication. Verify the identity of the sender: prevent someone else from sending you letters under a false name.Verify that the communication is unaltered: prevent the mailman from altering your letters.Keep the communication secret: prevent the mailman from reading your letters.SSL serves three purposes (I'll use a snail-mail analogy to illustrate):
0 kommentar(er)
