On Sat, 01 Jan 2011 03:46:09 -0800, S Mathias wrote: > I use the > > KB SSL Enforcer > https://chrome.google.com/extensions/detail/flcpelgcagfhfoegekianiofphddckof?hl=en > > so i could browse the net safer [i mean webserver <-> me] with using > https, if available.
Do you feel "safer" just for browsing the web using "https"? Sure, your data is encrypted but the server you are contacting can have been compromised and you still can be hosed >:-) What I want to say is that security is _not just_ encryption. > The problem is: e.g.: facebook... > > if i go to > https://www.facebook.com/ > > that's ok, it's https. > But all the links are "http" on the site.. if i click on a "http" link, > it will request the page on "http", and THEN it switches to "https". > Heres the problem. You may be facing this bug: *** Issue 25: Enforce SSL before the HTTP request is sent from the browser https://code.google.com/p/kbsslenforcer/issues/detail?id=25&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Stars *** > How/where could i write a privoxy rule, to rewrite all the "http" links > to "https"? [so that it would by always trully over https] > > Are there any "general" rules (with privoxy), so that i don't have to > write rules / site? Managing privoxy goes beyond my scope, sorry. > with the KB SSL Enforcer its always first http, then it recognizes that > the site can do https, than it switches to it. But i want to "bypass" > the http part. I think this should be directly handled by the "KB SSL Enforcer" extension and by reading the above bug report, it should be solved in newer versions. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.01.01.18.04...@gmail.com
