Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Are proxy server safe under HTTPS?

Status
Not open for further replies.

langoo

Programmer
Jun 22, 2008
8
IL
Hi Folks,

Is it safe to use an open proxy sever for personal information (such as banking) if the connection is under HTTPS? (Using a proxy directly from a web browser…not CGI proxy)

1.) For example, if I connect to a online bank using a proxy server under HTTPS, can the operator of the proxy server have access to my login information, or is the info encrypted by the time it reaches the proxy?

I know that there exists some DNS spoof programs that will redirect you to a fake URL to Phish your info…but assuming that the correct URL is entered directly in the web browser using a proxy such as: – and the URL remains the same… At this point is the info safe?

Can the proxy server operator use my authentication cookie to login back into the site after I’ve logged out?

2.) Also a chain is a strong as it’s weakest link: If I’m using a proxy server to connect to a site under HTTPS, is the entire connection under HTTPS…or only the portion between the proxy and the website…and therefore my connection to the proxy would be under plain HTTP and therefore unsafe…


Regards
 
is it safe? it depends on the online bank you deal with. if you connect to an online bank under https it should be encrypted. the cookie should expire and become worthless when you log off or close browswer. the proxy server operator should not be able to use your authentication becuase that traffic is encrypted. #2 its only https where the site says https, most online banking sites have strict guide lines for keeping a safe environment
I would check out Blue Coat proxies. IMO, they are the best!
 
I would personally view the connection as unsafe, unless I trusted the proxy owners. If you're dealing with your ISP's proxy servers then it's not a problem, but a random proxy address found in an internet anonymiser list is another matter.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
or are you talking about the proxy owner of the bank? which is usually a different department then the online banking application (seperation of duty) which the connection is safe (encrypted) if the online banking app is developed correctly.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top