Force HTTPS for Sites Using NoScript
Sunday, December 21, 2008
This is a simple solution for those of us wishing to use SSL whenever possible. Sites like Facebook, LinkedIn, The Pirate Bay, and many more (hopefully soon to be many others) offer HTTPS as an option, but only to those that try to use it.
HTTPS != Secure
I should probably say this because HTTPS/SSL is turning into a mindless buzzword.
Websites offering SSL do NOT...
- protect you from system attacks - a virus can be installed over SSL
- inherently hide the websites you're visiting - the browser URL will still be https://www.someweb2.0site.com/markmmanning
- mean that the website will always use HTTPS - Yahoo lets you connect using HTTPS and then automatically redirects you to HTTP after you've logged in
Websites offering SSL do...
- encrypt your web traffic from browser to web server
- protect you from attackers sniffing on your network
NoScript
NoScript R0ckz! I'm not even going to talk about them because you should know. Check them out here.
- Install NoScript
- Click on the icon and go to options
- Click the Advanced tab and then HTTPS
- In the "Force the following sites to use secure (HTTPS) connections:" add in all of your favorite websites
- Click ok and test it out
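One way to "test it out" beyond watching the address bar, as an added example that is not part of the original post: the Python below audits a recorded chain of responses for the Yahoo-style behaviour described above (an HTTPS page redirecting back to HTTP) and for cookies set without the `Secure` attribute, which the browser will send in cleartext once the site drops to HTTP. The hostnames, cookie values and the `audit_hops` helper are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit


def cookie_lacks_secure(set_cookie):
    """Return the cookie name if a Set-Cookie value has no Secure attribute."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return None if "secure" in attrs else name


def audit_hops(hops):
    """hops: list of (url, status, [(header, value), ...]) in request order."""
    findings = []
    for url, status, headers in hops:
        if urlsplit(url).scheme != "https":
            # The browser ended up on plain HTTP: traffic is sniffable.
            findings.append(("plaintext-request", url))
            continue
        for key, value in headers:
            k = key.lower()
            if k == "location" and 300 <= status < 400:
                # Resolve relative redirects against the current URL.
                target = urljoin(url, value)
                if urlsplit(target).scheme == "http":
                    findings.append(("downgrade-redirect", target))
            elif k == "set-cookie":
                name = cookie_lacks_secure(value)
                if name:
                    findings.append(("cookie-without-secure", name))
    return findings


# Constructed sample: a login over HTTPS that bounces the user back to HTTP.
SAMPLE_HOPS = [
    ("https://login.example.test/signin", 302,
     [("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
      ("Set-Cookie", "csrf=xyz; Path=/; Secure"),
      ("Location", "http://www.example.test/home")]),
    ("http://www.example.test/home", 200, []),
]

if __name__ == "__main__":
    for kind, detail in audit_hops(SAMPLE_HOPS):
        print(kind, detail)
```

The response chain can be copied from the browser's network panel; a site that shows up here is one to add to the NoScript force-HTTPS list and re-test.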
External Links
http://noscript.net/ - NoScript website
http://fscked.org/projects/cookiemonster - the reason why HTTPS doesn't mean you're secure. CookieMonster is a sidejacking tool with support for attacking SSL connections.