Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Are proxy server safe under HTTPS?

Status
Not open for further replies.
langoo

langoo

Programmer
Jun 22, 2008
8
IL
Hi Folks,

Is it safe to use an open proxy sever for personal information (such as banking) if the connection is under HTTPS? (Using a proxy directly from a web browser…not CGI proxy)

1.) For example, if I connect to a online bank using a proxy server under HTTPS, can the operator of the proxy server have access to my login information, or is the info encrypted by the time it reaches the proxy?

I know that there exists some DNS spoof programs that will redirect you to a fake URL to Phish your info…but assuming that the correct URL is entered directly in the web browser using a proxy such as: – and the URL remains the same… At this point is the info safe?

Can the proxy server operator use my authentication cookie to login back into the site after I’ve logged out?

2.) Also a chain is a strong as it’s weakest link: If I’m using a proxy server to connect to a site under HTTPS, is the entire connection under HTTPS…or only the portion between the proxy and the website…and therefore my connection to the proxy would be under plain HTTP and therefore unsafe…


Regards
 
Sort by date Sort by votes
is it safe? it depends on the online bank you deal with. if you connect to an online bank under https it should be encrypted. the cookie should expire and become worthless when you log off or close browswer. the proxy server operator should not be able to use your authentication becuase that traffic is encrypted. #2 its only https where the site says https, most online banking sites have strict guide lines for keeping a safe environment
I would check out Blue Coat proxies. IMO, they are the best!
 
Upvote 0 Downvote
I would personally view the connection as unsafe, unless I trusted the proxy owners. If you're dealing with your ISP's proxy servers then it's not a problem, but a random proxy address found in an internet anonymiser list is another matter.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
Upvote 0 Downvote
or are you talking about the proxy owner of the bank? which is usually a different department then the online banking application (seperation of duty) which the connection is safe (encrypted) if the online banking app is developed correctly.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Icarealot
  • Locked
  • Question
All Circuits are busy - Database
Replies
2
Views
473
cpolley1
cpolley1
KenLSim
  • Locked
  • Question
Server Password Request
Replies
0
Views
86
KenLSim
KenLSim
brokenhalo
  • Locked
  • Question
Open Source reverse-proxy/firewall
Replies
0
Views
79
brokenhalo
brokenhalo
kaukuii
  • Locked
  • Question
log session duration for each user who log on to windows server 2003
Replies
0
Views
78
kaukuii
kaukuii
Hokie97VT
  • Locked
  • Question
Safest remote desktop software within corporate network
Replies
5
Views
136
fisheromacse
fisheromacse

Part and Inventory Search

Sponsor

Back
Top