Network Admins need to learn that looking at what your users do and meddling with his data is not a legitimate activity. They should have learned that long ago. Fortunately, with encryption becoming more widespread, they will have to learn the lesson.
"That’s easy with unencrypted traffic. If the site uses SSL, then you have to do some kind of SSL interception. Straightforward on a corporate network full of tightly-managed systems. Much harder on a network full of student machines, visitor laptops and the like, and in our opinion, something to be avoided."
Obviously, they do not see intercepting traffic as desirable. But who has time to read the article before commenting these days...?
Does SSL prevent the network admin from seeing the URL that is being visited? I did in fact read the article in full, but I was under the impression that the encryption just encrypted the data in the request.
From a read through of the Wikipedia article on SSL it's now clear to me that all HTTP headers are encrypted, including the requested path.
> Does SSL prevent the network admin from seeing the URL that is being visited?
My understanding is that SSL establishes an end-to-end secure channel, then HTTP is inside that channel. Consequently, GETs and POSTs are not visible to outside parties.
If it's your network, and you graciously allow me to use it, and I, through my use of your network breach the security of systems on your network, would you not do anything in the interests of not meddling with my data?
