A question re. http and https


  1. Posts : 208
    Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode
       #1

    A question re. http and https


    I have a long running feud with my internet provider. They have a site where i can log in to view my personal data (email, bills, etc.) and my user name and password has to be given. This is an http site! However, when you do log in on this http site you are transferred to an https site. ???????????
    My point is that the transfer of my user name and password is not secure since it is done via an http connection. They deny and claim everything is secure.
    The funny (but not haha) part of it is that they also have an https site where you can log in (found when googling but way down in the listings given by Google).

    I am confused. Totally.
    They even told me once i had a redirecting virus. Nonsense, of course, because google gives the https as well as the http site for logging in.
    Any information to clear up my confusion? Am i nuts or are they?
    Last edited by FranzB; 05 Jan 2012 at 07:30. Reason: spelling
      My Computer


  2. Posts : 2,663
    Windows 8.1 Pro x64
       #2

    Hello FranzB

    Don't worry, they are the incompetent ones. You're perfectly right about the dangers of using http over https. Have you seen this addon before? If forces https to be used wherever possible :)

    https://www.eff.org/https-everywhere

    Tom
      My Computer


  3. Posts : 208
    Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode
    Thread Starter
       #3

    tom982 said:
    Hello FranzB

    Don't worry, they are the incompetent ones. You're perfectly right about the dangers of using http over https. Have you seen this addon before? If forces https to be used wherever possible :)

    https://www.eff.org/https-everywhere

    Tom
    Thanks, Tom, for the link.
    What especially gets me is that you can login to your account on an http webpage but that the page you get then and where you can click on several options (e.g. the bills) is an https. It's simply weird. And then the help desk telling me that i have a redirect virus. It took me hours checking with all kinds of programs. And it's not just any provider (the old Postal Services). After three months and three emails they called me by phone today and asked whether the problem was solved. They don't even check themselves. Idiots.
      My Computer


  4. Posts : 7,730
    Windows 7 Ultimate SP1 64-Bit
       #4

    Purely out of interest, which ISP do you use?

    It might pay you to shop around and consider switching.

    I did recently and got a better telephone,TV and broadband bundle AND a £20 ($35) a month saving.
      My Computer


  5. Posts : 208
    Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode
    Thread Starter
       #5

    @ seavixen32

    Well, i don't know whether i should give the name here -- they might take legal action for "false accusations" should they see it. But it is not any GB or US provider. And i am on an old "grandfather" clause whereby they don't check my traffic (in MB). So no bundle to pay for and the speed is ok. They tried, however, to have me change my subscription which i declined, smiling.
      My Computer


  6. Posts : 5,642
    Windows 10 Pro (x64)
       #6

    Since I cannot see the page in question. Is the form where you are putting the details of your user account, does the URI in the "action" attribute use HTTPS or HTTP as the scheme. If the "action" attribute has an HTTPS scheme then the values of your username and password are sent over a secure line, even if the page is served as HTTP. As long as the form's "action" attribute is HTTPS.
      My Computer


  7. Posts : 208
    Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode
    Thread Starter
       #7

    logicearth said:
    Since I cannot see the page in question. Is the form where you are putting the details of your user account, does the URI in the "action" attribute use HTTPS or HTTP as the scheme. If the "action" attribute has an HTTPS scheme then the values of your username and password are sent over a secure line, even if the page is served as HTTP. As long as the form's "action" attribute is HTTPS.
    Hmmm......... how do i find out? The page on which i fill in my username and password is shown in the address bar as http or www. What happens when i ckick on the "login" button i don't know. How do you find out? Take the sevenforums.com page as an example. Is it a secure login when i have given my username and password? Even when i am logged in (as now when i am writing this posting) it still shows www.sevenforums etc. in the address bar, i.e. no sign of https.
      My Computer


  8. Posts : 208
    Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode
    Thread Starter
       #8

    And another thing. Even if it is like you suggest, then why have an http as well as an https page where you can login?
    Doesn't make sense. Why not simply remove the http page from the net?
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 08:47.
Find Us