Browsing a secure website via IP

Discussion in 'other security issues & news' started by funkydude, Sep 10, 2011.

Thread Status:
Not open for further replies.
  1. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    If one was to browse to a secure (https) website via IP instead of name, be presented with the usual "This certificate is signed for a different website" warning, then accept the warning and continue, is the connection still secure?
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Can you even do that? I just tried accessing a bank's website using the IP, and Chromium didn't take me there. I got some error message. Don't recall which.

    Anyway, considering no kind of attack between the two (client and server), the only way to be sure it's the real deal would be for the IP not to be shared. Otherwise, if you directly enter the IP address, how is it possible to know which domain was supposed to be translated to that IP address?
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I think it depends on the website if it allows you to access the IP/port, but yeah, I'm not worried about any forms of attacks right now. I just want to know that using https://123.456.789.101/hi.htm with a certificate signed for https://www.securewebsite.com/hi.htm will still actually be encrypted, and that entering a password would be safe. I don't see why it shouldn't be encrypted, right?
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It would still be encrypted, AFAIK. The CA simply doesn't know that IP xxx.xxx.xxx.xxx belongs to www.securewebsite.com, which is to "whom" they provided the certificate.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Thanks m00n.
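
The warning discussed in this thread comes from the client's name check, which is separate from negotiating encryption: accepting it keeps the session encrypted but leaves the server's identity unverified. The sketch below is an added example, not part of the original thread; the certificates, the address 203.0.113.10 and the wildcard rule are constructed assumptions, with certificates in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# Constructed certificates (assumed sample data, not taken from a real site).
CERT_NAME_ONLY = {"subjectAltName": (("DNS", "www.securewebsite.com"),)}
CERT_WITH_IP = {"subjectAltName": (("DNS", "www.securewebsite.com"),
                                   ("IP Address", "203.0.113.10"))}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.securewebsite.com"),)}


def _dns_match(pattern, host):
    """Compare label by label; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Assumption: refuse wildcards directly under a top-level label ("*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def reference_matches(cert, target):
    """Return True if what the user typed (name or IP) is listed in the cert's SAN."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with "IP Address" entries, never DNS names,
        # so a name-only certificate cannot vouch for a bare address.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, target) for kind, value in sans)


if __name__ == "__main__":
    for cert_name, cert in (("name-only", CERT_NAME_ONLY), ("with-ip", CERT_WITH_IP)):
        for target in ("www.securewebsite.com", "203.0.113.10"):
            verdict = "match" if reference_matches(cert, target) else "MISMATCH (warning)"
            print(f"{cert_name:9} {target:22} {verdict}")
```

A mismatch here corresponds to the browser warning: the certificate may be perfectly valid, but nothing in it ties the typed address to the site it was issued for.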
     