Greyelf wrote: Just for clarity's sake, the passwords themselves are not encrypted.
It is the connection between the user's web-browser and the web-server that is encrypted, thus causing all requests (like login, page accesses, comment postings, etc...) sent via the HTTPS protocol to that web-server to be sent via that encrypted connection.
Here is how SSL, or more so TLS in reality, actually works.
SSL is the name that is most often used to refer to this protocol, but SSL specifically refers to the proprietary protocol designed by Netscape in the mid-90s.
TLS is an IETF standard that is based on SSL. These days, the odds are that nearly all of your secure connections on the web are really using TLS, not SSL.
TLS has several capabilities:
1. Encrypt your application layer data. (In your case, the application layer protocol is HTTP.)
2. Authenticate the server to the client.
3. Authenticate the client to the server.
1 and 2 are very common. 3 is less common.
Authentication
A server authenticates itself to a client using a certificate.
A certificate is a blob of data that contains information about a website:
Domain name
Public key
The company that owns it
When it was issued
When it expires
Who issued it
Etc.
HTTPS is a combination of HTTP and SSL (Secure Sockets Layer) to provide encrypted communication between the client (browser) and the web server (where the application is hosted).
HTTPS encrypts data that is transmitted from browser to server over the network, so no one can sniff the data during transmission.
Right now, when logging into the forum, nothing is secure at all; this includes both your login and password. The new Firefox picks up on the fact that the forum right now is not secure, and clearly that alone should prompt Shark to hire someone good, get https:// in place with SSL or TLS, and not have to worry again like last time.
The fact that people want to help Shark by giving info is far more important, Greyelf, than you having another dig at me for a mistake I wrote while typing over 100 words per minute.
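The certificate fields listed in the post above can be read with the `openssl` command-line tool. This is an added example, not part of the original post; it assumes `openssl` is installed, and the certificate, the name forum.example and the owner "Example Forum Ltd" are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example. forum.example and "Example Forum Ltd" are constructed names.

# Create a throwaway self-signed certificate in directory $1 (runs offline).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" -days 30 \
        -subj "/O=Example Forum Ltd/CN=forum.example" 2>/dev/null
}

# Print the fields from the post's list for the certificate file $1:
# owner and domain name (subject), who issued it (issuer),
# when it was issued and when it expires (notBefore / notAfter),
# and the type and size of the public key.
cert_fields() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 \
        -subject -issuer -startdate -enddate
    printf 'public key: '
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -noout -text | head -n 1
}

# Succeeds only if the certificate has not yet expired.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Succeeds when subject and issuer are identical, i.e. the certificate
# vouches for itself instead of being signed by a certificate authority.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -nameopt RFC2253 -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -nameopt RFC2253 -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_cert "$tmp"
cert_fields "$tmp/cert.pem"
cert_is_current "$tmp/cert.pem" && echo "validity: not expired"
is_self_signed "$tmp/cert.pem" && echo "issuer: same as subject (self-signed, not CA-issued)"
```

For a certificate saved from a real site, call `cert_fields` on that PEM file; the issuer line will then name the certificate authority rather than repeating the subject.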
