Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I highly doubt that this is true. HTTPS POST data is encrypted just like any other HTTPS data. But, if one is using CloudFlare or any other proxy, by nature, that data needs to be decrypted and then encrypted again on it's way to the destination server. So, yes, of course, each and every proxy can see the data. And, no, HTTPS POST data can't be snooped over the wire otherwise.


What's not true? I may of mumbled my post.

The data from the form, HTTPS POST data is not encrypted. It's plain text encapsulated in a secure socket.

Setup a PHP page with a form and capture the $_POST. All will return in plaintext.

POST is data is sent in headers which yes are encrypted by SSL but the servers receiving will receive it in plain text.

By using third party you lose full control of the data flow encrypted or not. All it takes is one weak link in the chain and your data is screwed.

You're relying on the 3rd party infrastructure not being exploited.


Exactly this.

If CloudFlare, any "relay" were compromised, all traffic through that would be compromised. That's everything. All your bank details, full access, it's all right there.

The selling point of SSL is nobody can read what you do between you and the final destination, except when the developers of that destination enlist CloudFlare who have a root certificate that allows them to intercept everything whether you realise or not.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: