Heine from Drupal IRC was kind enough to explain the SSL issues that I mentioned here and here in much greater detail. Head to his blog for the full article. Thanks Heine!
Image via Wikipedia A quite popular activity among Drupal site owners and extension developers (drupal, firefox) is to make sure certain page requests happen over a secure HTTPS connection, whereas the majority of request is still done over an unencrypted HTTP connection. User logins are typically the target of this effort.
Now, unless your really value your password (because you happen to be Ben Bernanke and use the same password for the documents holding the future interest rate), this is only going to give you a false sense of security. I know, it is still a very warm and comfy feeling, but it won’t be so comforting when some clown sees Mike Perry’s presentation and takes away your site.
Security theater #1 – Using SSL for login | Heine.
Related articles by Zemanta
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=ef5d0b8d-abbf-46e3-aba6-e2f0f7a2e572)
