IDG Contributor Network: Are VMs more secure than containers?

We often say, “HTTPS is secure,” or “HTTP is not secure.” But what we mean is that “HTTPS is hard to snoop and makes man-in-the-middle attacks difficult” or “my grandmother has no trouble snooping HTTP.”

Nevertheless, HTTPS has been hacked, and under some circumstances, HTTP is secure enough. Furthermore, if I discover an exploitable defect in a common implementation supporting HTTPS (think OpenSSL and Heartbleed), HTTPS can become a hacking gateway until the implementation is corrected.

HTTP and HTTPS are protocols defined in IETF RFCs 7230-7237 and 2828. HTTPS was designed as a secure HTTP, but saying HTTPS is secure and HTTP is not still hides important exceptions.

To read this article in full or to leave a comment, please click here