On 10 January 2020 09:45:19 GMT, Chris Green cl@isbd.net wrote:
I have been looking at making some web pages of mine *slightly* more private recently. There's nothing seriously important on them, just some addresses (that people could find elsewhere easily enough) and some other similar sorts of bits and pieces.
However, while I was doing this, I wondered about the "passwords are in clear when using HTTP" thing. If I go to my web site 'out there' and type in a password who/what/where/how will it be seen?
Yes, I realise if someone has wireshark running on my LAN they will be able to see it (but my house is reasonably secure!) and, presumably, anyone monitoring packets whizzing around between me and the remote site would be able to see it. However there's a *lot* of packets flying around out there, how would anyone pick out any relevant bits?
The remote end is 'mine' too in that it's a virtual server in France (Gandi Internet) so that is moderately secure too with no general access. Obviously anyone with access to the systems at either end of this transaction could see what's going on but then if they have that sort of access getting at a web page password is not going to get them any more access than they have already.
This isn't bank access or accessing a big business/selling web site where snoopers might expect to get useful/valuable information so why (and how) would any sort of snooping work?
What does the team think? Am I being too un-paranoid? (N.B. the passwords I use for moderately [in]secure web sites bear no relation to the ones I use for secure stuff)
TLS?