Even though it is a good idea to support (but not necessarily force) HTTPS on a site, let's not kid ourselves that HTTPS makes browsing secure. It's the best effortless fix that can be done; it's not a solution.
When push comes to shove, data is only encrypted when going over the line. It's not encrypted at the source and the destination. So there are still plenty of points of attack to get to the unencrypted data.