I realize that HTTPS is supposed to be more secure because it encrypts communication between you and the server so that your passwords and credit card numbers don't get sent in plain-text. However, when using LiveHTTPHeaders, I can still see my password in plain-text in the POST even when using an https connection. Why is this the case? Where is this encryption happening?

+3  A: 

The HTTP traffic is pushed through an SSL tunnel. LiveHTTPHeaders monitors the HTTP data while it is still inside the browser, before the encryption happens.

David Dorward
I see. So if someone was snooping, they would see the encrypted information because they obviously aren't in my browser.
JPC
Exactly right -- so security-wise, this doesn't mean your data is at risk while en route to the server. But it's also worth noting that SSL doesn't help if you have a malicious program (like a Firefox plugin, or simple keylogger for that matter) that's observing the data before it gets encrypted.
Rob Whelan
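
The layering described in the answer and comments above can be reproduced in memory. This is an added example, not code from the thread: it runs a TLS client and server back to back and returns the same POST as seen above the TLS layer, on the wire, and at the server. The request, the password value and the function names are constructed, and it assumes the `openssl` CLI (1.1.1 or later) is installed to create a throwaway certificate.

```python
import contextlib, os, ssl, subprocess, tempfile

# Constructed sample request; the credentials are made-up values.
POST = (b"POST /login HTTP/1.1\r\nHost: localhost\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: 26\r\n\r\nuser=demo&password=hunter2")

def contexts():
    """Client and server TLS contexts sharing one throwaway self-signed cert."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = os.path.join(d, "key.pem"), os.path.join(d, "crt.pem")
        subprocess.run(  # assumption: openssl CLI is on PATH
            ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
             "-keyout", key, "-out", crt, "-subj", "/CN=localhost",
             "-addext", "subjectAltName=DNS:localhost"],
            check=True, capture_output=True)
        server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server.load_cert_chain(crt, key)
        client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies cert and hostname
        client.load_verify_locations(crt)
    return client, server

def move(src, dst):
    """Carry pending TLS records from one side's outbox to the other's inbox."""
    data = src.read()
    if data:
        dst.write(data)

def send_over_tls(request):
    cctx, sctx = contexts()
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cctx.wrap_bio(c_in, c_out, server_hostname="localhost")
    server = sctx.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(6):  # enough round trips for a TLS 1.2 or 1.3 handshake
        for side in (client, server):
            with contextlib.suppress(ssl.SSLWantReadError):
                side.do_handshake()
        move(c_out, s_in)
        move(s_out, c_in)
    in_browser = request           # plaintext handed to the TLS layer (header-tool view)
    client.write(request)
    on_wire = c_out.read()         # encrypted record (network observer's view)
    s_in.write(on_wire)
    at_server = server.read(4096)  # decrypted again at the far end
    return in_browser, on_wire, at_server

if __name__ == "__main__":
    seen, wire, received = send_over_tls(POST)
    print("above TLS:", b"hunter2" in seen, "| on wire:", b"hunter2" in wire)
```
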