Web Forms & HTTPS

This is a little old as news goes, but it is relevant all the same to several news articles that have been published more recently. It concerns the use of HTTPS (SSL/TLS) to secure the data submitted by a user on a website, for example on a login page or a signup form. Most responsible web developers have been collecting such data over an encrypted HTTPS connection on the POST action of the form. Setting the action attribute of the <form> to an HTTPS URL encrypts the data at the point where the data entered by the user is sent to the receiving script or page for processing. Clearly this is a good thing: the username and password can’t be sniffed while they are in transit, can they? Technically this is correct, but if the form page itself is served over plain HTTP, then the form page can be subject to an in-browser JavaScript or network hack, and those details can be compromised while the form is being filled out.
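As an added example (not part of the original post), here is a small audit of the situation described above: given a page URL and its HTML, it flags password forms whose action is not HTTPS, and forms that post to HTTPS from a page that was itself served over HTTP. The function and class names, the messages and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a login form that posts to HTTPS (hypothetical host).
SAMPLE_HTML = """<form method="post" action="https://example.com/login">
<input name="user"><input type="password" name="pass"></form>"""


class FormScanner(HTMLParser):
    """Records each <form>: its action and whether it has a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = {"action": attrs.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_login_forms(page_url, html):
    """Return (resolved_action, problem) for each password form at risk."""
    scanner = FormScanner()
    scanner.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for form in scanner.forms:
        if not form["password"]:
            continue
        # An empty or relative action resolves against the page's own URL.
        action = urljoin(page_url, form["action"])
        if urlsplit(action).scheme != "https":
            findings.append((action, "credentials sent over plain HTTP"))
        elif not page_is_https:
            findings.append((action, "HTTPS action, but form page served over HTTP"))
    return findings


if __name__ == "__main__":
    for finding in audit_login_forms("http://example.com/login.html", SAMPLE_HTML):
        print(finding)
```

The same form served from an HTTPS page produces no findings, which is the configuration the post recommends.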

Mozilla Firefox 44

That’s not especially newsworthy; many of us already knew that, of course, but it seems not everybody did. Mozilla will soon release Firefox 44, which will flag such sites as being insecure.

Let’s Encrypt

The free certificate authority “Let’s Encrypt” will enter full public beta on Thursday this week (3rd December 2015). Let’s Encrypt is a free, automated, and open certificate authority set up by the Internet Security Research Group (ISRG). I’ve written about Let’s Encrypt before and I’m pleased to see that it’s moving forward.