Why are non-https sources considered to be insecure by browsers?

3

I asked a question now asking about a feature that has become obsolete in a particular browser, because it is not a source with ssl.

I fully understand that https improves site security, since the Are encrypted data

But why do browsers use the term "insecure origin" for sources that do not use HTTPS, since the security of a site does not depend only on an SSL certificate?

/ p>

We have many things that make a website insecure:

Saying that lack of ssl makes the site unsafe is not it overkill?

    
asked by anonymous 29.10.2015 / 12:22

2 answers

5

PHP, SQL and similar injections occur at the application layer, which is not the scope of SSL - this occurs at the communication layer.

Concerns about communication are clear and valid. For example:

Given the ubiquity of Internet use for data transmission of sensitive processes (access to bank accounts, medical data, etc.), safe traffic guaranty has high priority - so companies are adopting SSL as standard, and websites considered unsafe.

    
29.10.2015 / 13:41
-1

"We, from the Chrome Security Team, propose to change your UX to display unsafe sources as if not secure. We plan to design and start deploying a transition plan for Chrome in 2015.

The purpose of this proposal is to show users more clearly that HTTP does not provide data security. "

HTTP sites will continue to function; we do not currently have plans to block them in Chrome. All that will change are the safety indicators.

link

    
29.10.2015 / 12:44