sc1013

Reputation: 1126

HTTPS sending sensitive data

I have two different servers, one serving desktop users and the other serving mobile users (www.mywebsite.com, m.mywebsite.com).

Users on the mobile server need to send some sensitive data to the www server for processing, so I have installed an SSL certificate on the www server. I am wondering if an SSL certificate is also needed on the mobile server so that the sensitive data can be transferred securely, or whether just one server with SSL should suffice?

Thanks.

Upvotes: 0

Views: 116

Answers (1)

Steffen Ullrich

Reputation: 123551

It is necessary that not only the transfer of the sensitive data is protected by SSL, but also anything leading to this transfer. If this is not the case, one could use tools like sslstrip to do an active man-in-the-middle attack and replace any https:// targets with http:// targets without the victim being aware of it. The attacker could then just intercept the plain data (i.e. http, not https) and forward it with https to the original server.

Upvotes: 2
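
An added example, not part of the original answer: a small audit that flags forms whose https:// target is delivered by a page that is itself loaded over http://, which is the situation the answer describes. The function name audit_forms, the verdict labels and the paths /pay, /process and /search are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _FormCollector(HTMLParser):
    """Collects the action attribute of every <form> on a page."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing or empty action means the form posts to the page URL.
            self.actions.append(dict(attrs).get("action") or "")

def audit_forms(page_url, html):
    """Return a (target_url, verdict) tuple for each form found in html."""
    page_is_https = urlsplit(page_url).scheme == "https"
    collector = _FormCollector()
    collector.feed(html)
    findings = []
    for action in collector.actions:
        target = urljoin(page_url, action)  # resolve relative actions
        target_is_https = urlsplit(target).scheme == "https"
        if not target_is_https:
            verdict = "plaintext-submit"  # the data itself travels over http
        elif not page_is_https:
            verdict = "strippable"  # https target, but the page carrying it is http
        else:
            verdict = "ok"
        findings.append((target, verdict))
    return findings

# Constructed sample markup, as the mobile site might serve it.
SAMPLE_HTML = """
<form action="https://www.mywebsite.com/process" method="post">
  <input name="card">
</form>
<form action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for url in ("http://m.mywebsite.com/pay", "https://m.mywebsite.com/pay"):
        for target, verdict in audit_forms(url, SAMPLE_HTML):
            print(url, "->", target, verdict)
```

Only the run with the https:// page URL reports every form as "ok"; the same markup served over http:// is reported as "strippable" even though its form target is https://.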
