
Does HTTP pose any threat to the website itself?

JoneLoveIT

We usually think of HTTP as unsafe for users who browse the website, but does it pose any threat to the website itself? Is HTTP more vulnerable compared to HTTPS?


Unless you're dealing with sensitive data, not really. You should check out this page on HTTPS, however: https://www.cloudflare.com/learning/ssl/why-is-http-not-secure/

By not having a certificate, however, your users may get hit with an unsecure warning, which may deter users from your site.

 

There is little reason not to have a certificate anymore to handle HTTPS requests; you can obtain a free certificate from Let's Encrypt. I would imagine most website hosting providers offer an option to generate one; for self-hosters there is Certbot to help automate the process as well.


1 hour ago, Nayr438 said:

Unless you're dealing with sensitive data, not really. You should check out this page on HTTPS, however: https://www.cloudflare.com/learning/ssl/why-is-http-not-secure/

By not having a certificate, however, your users may get hit with an unsecure warning, which may deter users from your site.

 

There is little reason not to have a certificate anymore to handle HTTPS requests; you can obtain a free certificate from Let's Encrypt. I would imagine most website hosting providers offer an option to generate one; for self-hosters there is Certbot to help automate the process as well.

^This

 

My webserver has 5 subdomains and they all have an autorenewing LE certificate; it takes literal seconds. Heck, certbot even automagically copies your HTTP config, changes it to port 443, adds the SSL information, adds a redirect to the HTTPS site from the old HTTP one, saves the configs, enables the HTTPS site and reloads Apache/NGINX for you.

 

Even on hosting services you can still use certbot, as long as you have root SSH to the terminal. Certbot uses file-based verification to determine the domain ownership (it basically adds a challenge file to the root of the website, then looks online to check it can find the file on the domain you specified).

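The file-based verification described in the post above corresponds to ACME's HTTP-01 challenge (RFC 8555), which certbot's webroot mode uses. The following is an added example, not code from the thread or from certbot: it simulates both sides on localhost, showing that the CA accepts the file only when its body binds the token to the requesting account's key. The function names, the account key and the token are constructed for illustration.

```python
import base64, hashlib, json, pathlib, tempfile, threading, urllib.request
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

CHALLENGE_DIR = ".well-known/acme-challenge"  # fixed path from RFC 8555, section 8.3
NO_PROXY = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: SHA-256 over the required EC members, sorted keys, no whitespace.
    required = {k: jwk[k] for k in ("crv", "kty", "x", "y")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def key_authorization(token: str, account_jwk: dict) -> str:
    return f"{token}.{jwk_thumbprint(account_jwk)}"  # token bound to the account key

def publish(webroot: pathlib.Path, token: str, body: str) -> None:
    # Client side: the file an ACME client writes under the site's document root.
    target = webroot / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(body)

def ca_validates(base_url: str, token: str, expected: str) -> bool:
    # CA side: fetch the file over plain HTTP and compare it to the expected value.
    try:
        with NO_PROXY.open(f"{base_url}/{CHALLENGE_DIR}/{token}", timeout=5) as resp:
            return resp.read().decode().strip() == expected
    except OSError:  # 404, refused connection or timeout: control not proven
        return False

def run_demo() -> dict:
    jwk = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
    token = "constructed-token-123"  # jwk and token are constructed samples, not real values
    expected = key_authorization(token, jwk)
    with tempfile.TemporaryDirectory() as root:
        handler = partial(SimpleHTTPRequestHandler, directory=root)
        with ThreadingHTTPServer(("127.0.0.1", 0), handler) as server:
            threading.Thread(target=server.serve_forever, daemon=True).start()
            base = f"http://127.0.0.1:{server.server_port}"
            results = {"before_publish": ca_validates(base, token, expected)}
            publish(pathlib.Path(root), token, expected)
            results["after_publish"] = ca_validates(base, token, expected)
            publish(pathlib.Path(root), token, f"{token}.other-account-thumbprint")
            results["other_account"] = ca_validates(base, token, expected)
            server.shutdown()
    return results

if __name__ == "__main__":
    print(run_demo())
```

In a real deployment the CA performs this fetch over plain HTTP on port 80, so it is the account-key thumbprint in the file body, not the transport, that keeps a file written for a different account from passing.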
