Can other see the content I post over a secure connection?

I'm gonna ask a question which includes both SSL and VPN. Though, question is same for both.

For SSL, i logged into a forum which offers/supports SSL encryption for secure authentication.(like email services, banks did).That way, the data between me and server(if server is properly built in any cases and service is reliable)is secured and even ISP can't display it. Then, i started a thread as a registered member of that forum. Can other registered members display the thread content?

Same question is valid for the VPN as well. Can other registered members display the thread content?

If they can, where is the security on the content except login information case? (for VPN and SSL). I mean perhaps ISP at that moment can't examine it but members and web site owner see everything.

Ozgun S

Posted 2012-05-30T19:31:57.350

Reputation: 165

Answers

SSL provides a Secure Socket Layer. Now let's take a look at what that is.

So, we need to understand what layers are...

What happens with a package is that it travels down the layers (Application to Physical), then gets send over the wire after which it travel back up the layers (Physical to Application). Each layer is on its own responsible to do something with the packet, whether that is adding/stripping information to/from it or changing the whole packet; they are there to ensure that your packets are able to travel with the necessary functionality (ensuring it is received, splitting it up in smaller packets, etc...).

So, what SSL does here is add a layer on top of the Session such that everything from the Session layer on one end till the Session layer on the other end won't be able to read the raw data that is being sent, but only an encrypted version of it. In more technical words one could say that the connection is secured end-to-end from client to server socket and the other way around.

This means that nobody can sniff the connection and obtain the transferred data, but this does not mean that everything on the server is secure. So yes, if you post to a forumt that uses HTTPS, it is very likely that other people can see that forum as well.

But nobody that has access to your connection knows that what you are doing on that HTTPS forum...

Tamara Wijsman

Posted 2012-05-30T19:31:57.350

Reputation: 54 163

i mention the forum members. Can they display my content as long as they are not restricted from that forum (once SSL or VPN is used)? – Ozgun S – 2012-06-03T16:36:36.007

@OzgunSunal: Yes, you would need SSL / VPN to view the content if it is protected in that way. – Tamara Wijsman – 2012-06-04T15:42:49.043

1@TomWijsman In a corporate environment, where the company has both physical and administrative access to your computer (i.e., the ability to secretly install their own CA cert in the browser), an SSL interceptor can be used to sniff the plaintext sent over SSL. Companies like Bluecoat and Verdasys make SSL interceptors as part of their Data Loss Prevention tools. So I think some of your statements in this answer need qualification. They are too absolute in their wording. – Fran – 2012-06-10T22:46:45.157

please clarify your question.

Do you mean whether another user could intercept the communication between you and the server? if so that is a solid no.

SSL involves exchanging a set of Public and Private keys. PKI or Public-Key Infrastructure works by creating complex pairs of keys, a Public and a Private key. If a piece of data is encrypted with the Public, it can only be decrypted by using the matching Private key.

Each of the parties, the server and the client(you), have their own key pair. The server publishes its public key, so that you can encrypt on your end and establish a secure connection and vice-versa. The server's public key can be cross-referenced for authenticity via a CA(certificate authority) see wiki for more detail.

More info:
SSL - http://luxsci.com/blog/how-does-secure-socket-layer-ssl-or-tls-work.html
PKI - http://en.wikipedia.org/wiki/Public-key_infrastructure

madmaze

Posted 2012-05-30T19:31:57.350

Reputation: 3 447

my question is exactly this : 'i do not mean the interception between me and that specific server. i mean ' could someone else visiting that specific website display my content(when i used SSL on mine) from his/her computer? – Ozgun S – 2012-07-24T09:14:03.017