On Mon, 07 Dec 2015 14:48:52 +0000, Kapps wrote:
> On Monday, 7 December 2015 at 14:38:39 UTC, Steven Schveighoffer wrote:
>> I'm surprised it wouldn't. I wouldn't think a redirect would need to be
>> encrypted.
>> -Steve
> It does. Otherwise you could bypass HTTPS entirely by replacing the
> redirect page with a non-encrypted copy of the dlang website with
> whatever modifications you like.

Well, only if you're trying to protect against MITM attacks. If you're 
only worried about people packet sniffing, you can redirect from an 
unencrypted page without a care.

In a situation like this, where approximately no sensitive information is 
going back and forth, MITM isn't much of a concern (and packet sniffing 
isn't, either, for the most part, except if you're logging in with a 
password you reuse elsewhere).

Reply via email to