Serendipity Forums

This may be a common question, but I didn't find it anywhere else on the forum (my search skills suck sometimes though)

Is login to Serendipity over http safe against eavesdroppers and packet sniffers or should I put Serendipity under my SSL webserver for admin logins?

I just started using tor http://tor.eff.org, and wondered if a malicious exit server operator might be able to pick up my login credentials over http.

I only login under ssl as a safe measure, but is it necessary?

Hi!

Logging in via plain HTTP is always a security risk, no matter how strong the en/decryption by any application.

The only way to secure your login data is by using HTTPS, that's true.

I just started using tor http://tor.eff.org, and wondered if a malicious exit server operator might be able to pick up my login credentials over http.

Definitely that would be possible. I don't know though if using SSL is a secure mean to this if you are using a TOR Proxy, but I guess so.

Best regards,
Garvin