HTTPS required on WLAN?
https://stackoverflow.com/questions/4349548
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm confused about HTTPS and its position in LAN applications. I have two computers and my program will send information between them. Both these computers are connected to the same wireless network so it's a simple implementation. However, should I be using HTTPS in this scenario? Or is HTTPS only used when information is being sent to a server outside the network? Whilst the information being sent and received is not necessarily confidential, it may contain data that could be considered private. If I should use HTTPS, do I have to buy a certificate? Thanks
Solution
Get a free certificate from http://www.startssl.com/?app=1, set a reminder to renew it in one year and consider it done.
Having said that, in your particular case you can get away without HTTPS if you WiFi is properly encrypted itself.
OTHER TIPS
Both computers are on the same network (WLAN or LAN doesn't really matter) anyone else on the network could intercept/sniff your traffic. I would take cababunga's advice and get a cert. It does not need to be signed (ie you can make one free) but for a production app it might be worth it.
It's a trade off. Depending upon perimeter security is generally considered a really bad idea. If you are completely happy transmitting that data then you could do so. Of course wifi is notoriously bad for security. Could you deal with a rogue access point masquerading as your own, for instance?
For https, getting a valid certificate from a well-trusted CA, is the simplest, safest and probably cheapest route.
Of course HTTP and HTTPS are irrelevant here unless the computers are using those protocols to communicate with each other. What you are really talking about is an encryption method to protect data in transit. My usual basic assumption is to treat a WLAN as the Internet - anyone can listen, so you either configure the WLAN with encryption if possible (most wireless routers these days support WPA2/TKIP/AES which should be considered reasonably strong) or you configure a VPN over something like SSL and use a cert as per Cowabunga/Darren so you get greater strength than passwords.
