Websites without https

Neb · 29 Jan 2007 at 16:49

Quick question....

If a website doesn't have the s on the end of the http when your buying something, is it pretty stupid to buy from them?

Thank you very much.

Jotun · 29 Jan 2007 at 16:53

I would say so, yes.

Slime101 · 29 Jan 2007 at 16:54

Not nessecarily. You only need the SSL part whilst entering details like card number, nothing else need be encrypted and hence the "s" part might only be there for 1 page of the whole site.

Eriedor · 29 Jan 2007 at 16:56

No, Im not 100% on the details but i believe there are new techniques used to ensure security without https.

For example when i enter my internet banking number on hsbc website it doesn't have https but i have no doubt it is secure.

Helium_Junkie · 29 Jan 2007 at 17:13

I wouldn't. Personal preference

Bes · 29 Jan 2007 at 17:18

In general yes, but if the payment is entered inside something like an applet or inline frame it is still secure.

Beansprout · 29 Jan 2007 at 17:19

eriedor said:
No, Im not 100% on the details but i believe there are new techniques used to ensure security without https.

For example when i enter my internet banking number on hsbc website it doesn't have https but i have no doubt it is secure.

First 2 lines: No. HTTPS is the only way to encrypt communication between you and the server.

2. Internet banking number is ok to enter over hTTP, but not preferred.

ALWAYS enter card details over HTTPS. Guarantees the remote server identity - that's the main thing, rather than encrypting communication (unless you're on a shared LAN or wireless in which case I'd always use HTTPS)

Eriedor · 29 Jan 2007 at 17:34

Hmm maybe you are right but im sure i read something where someone complained to their bank as it's website didn't use https at login, the bank replied saying that it was infact secure despite the lack.

I'd hope my IB number is not transferred in plain text O_O !

Teledude · 29 Jan 2007 at 18:03

Your IB number is sent normally but without the rest of the details which you enter at https://www.ebank.hsbc.co.uk/logonindex.jsp its useless so your fine

Neb · 29 Jan 2007 at 18:18

I'm signing up to a gym, and I can get a discount online. Website is http://www.lafitness.co.uk/membership/sales/buy-online-info.asp?ClubID=47&ClubPriceID=736
none of it has https...what do you guys think?

Teledude · 29 Jan 2007 at 18:22

Neb said:
I'm signing up to a gym, and I can get a discount online. Website is http://www.lafitness.co.uk/membership/sales/buy-online-info.asp?ClubID=47&ClubPriceID=736
none of it has https...what do you guys think?

I think you should go through it before posting here

https://ukvps.protx.com/vps200/dotransaction.dll?Service=ClientRegisterTx&VPSTxID={0000-FF9D1E25447B}

the card info is https

Sirrel Squirrel · 29 Jan 2007 at 18:23

Neb said:
I'm signing up to a gym, and I can get a discount online. Website is http://www.lafitness.co.uk/membership/sales/buy-online-info.asp?ClubID=47&ClubPriceID=736
none of it has https...what do you guys think?

I think you'll be ok with that because you're only handing over direct debit details, which anyone can get just by looking at a cheque or your card. If in doubt just call the place and sign up over the phone.

Neb · 29 Jan 2007 at 18:25

teledude where did you get that address from?

Teledude · 29 Jan 2007 at 18:39

Neb said:
teledude where did you get that address from?

fill out the form

after entering direct debit stuff it takes you to that secure site to pay the joining fee