cookies - Is it safe to turn off SSL after sensitive data has already being sent? -


i wondering whether it's safe change connection http once passed log in or sign pages. i'm considering option since data sent , forth once user logged on account not sensitive, user credentials sensitive.

theory answer better not to, since session cookie sent insecurely , third party can catch , use while cookie has not expired.

i'm right, or wrong? can insight?

you're correct. switching http send cookies unencrypted, making session susceptible interception.


Comments

Post a Comment

Popular posts from this blog

iphone - Three second countdown in cocos2d -

i trying have 3 second countdown display when level beat in game. did: -(void) gamesegmentbeat { [self pauseschedulerandactions]; // overlay game opaque background ccsprite *opaquebg = [ccsprite spritewithfile:@"background1.png"]; opaquebg.position = screencenter; [self addchild:opaquebg z:10000]; // these 3 labels 3 seconds cclabelttf *three = [cclabelttf labelwithstring:@"3" fontname:@"helvetica" fontsize:100]; three.position = ccp(screencenter.x, screencenter.y); cclabelttf *two = [cclabelttf labelwithstring:@"2" fontname:@"helvetica" fontsize:100]; two.position = ccp(screencenter.x, screencenter.y); cclabelttf *one = [cclabelttf labelwithstring:@"1" fontname:@"helvetica" fontsize:100]; one.position = ccp(screencenter.x, screencenter.y); // secondspast specified in update method secondspast = 0; if (secondspast == 1) { [self addchild:thr...
Read more

hyperlink - how to do url routing in php -

sorry, don't know should exact technical term problem statement title of thread might misleading/confusing. that's reason why not able search problem solution on google. okay, i'm developing simple social network users. want each user have own profile link. for example, if username of user 'xyz' profile link should ' http://example.com/user/xyz now how create "virtual" link? edit: okay, learned it's mod_rewrite , got similar question how dynamically rewrite url facebook routes php delicate matter. mod_rewrite can in beginning, after becoming mess , f*** rather help, when "big" software needs scalable. remembering "routes" not part of specific application, nomenclature "server" interprets request "client" , returns specific value "client" configuration of request. ie, "router" server. what recommend study http protocol, rest , on. this surely in many things, knowi...
Read more

c++ - CryptStringToBinary API behavior -

i seeing strange behavior cryptstringtobinary cryptography api. please see below code (config: x64 debug): #include "stdafx.h" #include <windows.h> #include <strsafe.h> #include <iostream> #include <exception> void main() { dword dwskip; dword dwflags; dword dwdatalen; //lpcwstr pszinput = l"jaaaaaecaaadzgaaakqaagdnnl1l56bwgfjdgr3rpxtqqqn6daw3usv2emkjym4t"; //this works fine lpcwstr pszinput = l"mytest"; //doesnt work, api returns false,error code 0x0000000d // determine size of byte array , allocate memory. if(! cryptstringtobinary( pszinput, _tcslen( pszinput ) + 1, crypt_string_base64, null, &dwdatalen, &dwskip, &dwflags ) ) { dword dw = getlasterror(); //0x0000000d: data invalid throw std::exception( "error computing byte length." ); } byte *pbytebyte = null; try { ...
Read more