|
|
|
|
|
|
by tylerhou
3034 days ago
|
|
|
> the browser could easily warn you with a big "insecure!" page when you click on the button. But this implies that whenever you click on any link on a page served via HTTP, the browser should warn you with a big "insecure!" page. I think this is far more obtrusive than a simple "not secure" banner next to the URL. > I don't think https fixes that even for non-sketchy websites You're right, if the website served over HTTPS injects random JavaScript/is poorly designed. However, the danger with HTTP is that every single website is vulnerable to this attack, not simply the ones served by malicious or incompetent hosts. |
|
|