Is there a such thing as free web hosting WITH encryption?

[hedron]

I've batcave.net, which allows you to have a subdomain for free. Which is fine. I'm not trying to do anything fancy, just a blog to learn how to code. The problem is that I cannot use encryption.

So, I use Microsoft Visual Studio and there is no SFTP option. I tried a FTP client, just as a test, but it seems batcave.net only supports SSH if you pay. Maybe I'm just stupid and I'm missing something. I'm not stuck on using either, so if there's an IDE or other website that's better, I'd be willing switch.

So, is there something I'm missing? Or is there any free web hosting with encryption?

Thanks.

 

[devman]

Have you tried GitHub Pages? https://pages.github.com/

That is the first thing that came to mind. I guess it depends on what your trying to do though, so it may not be a perfect fit.

 

[krogen]

There's FTP over SSH, and there's FTP over SSL/TLS, IIRC. SFTP vs FTPS.

If FTP works, does FTPS work?

Your question is also a tad confusing with regards to the type of encryption you're referring to. Are you referring to SSL/TLS for protecting your website? I'm sure there are plenty of webhosts out there that do allow this, it's only a matter of having a wildcard certificate. Or, are you just trying to upload files securely? If only FTP is allowed, you could try to encrypt your files yourself and then decrypt them on the other side somehow.

 

[devman]

There's FTP over SSH, and there's FTP over SSL/TLS, IIRC. SFTP vs FTPS.

Just to clarify
SFTP and FTP over SSH are different things.

SFTP is SSH File Transfer Protocol and is unrelated to FTP.

FTPS is FTP protected by TLS.

FTP over SSH is FTP tunneled through SSH.

 

[Sgraffite]

You can set up an old computer with Ubuntu server in your house which will provide you free web hosting with encryption.

 

[hedron]

Oh... I just meant logging in. Maybe I'm paranoid, but I don't like the idea of my password going over the innerwebs in plain text. I'm not attempting to create a site where users need https or anything like that.

Thanks for the ideas though. I'll check out github.

If FTP works, does FTPS work?

Well, there's no option to select it in Visual Studio and any other option using putty or this FTP client I have it says the encryption is rejected. I forget the exact error message.

 

[jimmyb]

Oh... I just meant logging in. Maybe I'm paranoid, but I don't like the idea of my password going over the innerwebs in plain text.

Your password is probably not being sent as plaintext, even if you aren't using an encrypted connection.

 

[hedron]

Hmm.. But it says it is?

 

[Frobozz]

Hmm.. But it says it is?

If it's an HTML form and the connection is not encrypted (HTTPS), then the form contents are submitted to the host in clear text.
Using a network analyzer, such as Wireshark, it's pretty simple to snag the request and see your form contents. Anyone capturing packets between you and the host would be able to as well.

EDIT: Ok.. I have reading comprehension issues! I guess I skimmed and thought we switched gears to submissions from the http side.

I have nothing to add other than that you could still use a network analyzer mentioned above to try to catch the exchange and see what you can see.

 

[Grentz]

If you are using a free webhost, there should be no sense of security in the first place.

You should be using a paid webhost if you want any form of security, even basic. The passwords being sent as cleartext are the least of your worries

 

[Red Squirrel]

I remember doing the free web hosting thing 15 years ago (wow I feel old now that I think of it) and it was a pain. Ridiculous amount of ads and other bull crap. I can only imagine that it's worse now. Considering there are hosts that charge dollars per year (I really don't know how they afford to do that) I would go with one of those hosts before a free one.

Any shared hosting environment wont really be that secure though. It only takes one customer on that server to have php or other web scripts that have a security exploit in them and someone can compromise the entire server depending on what the exploit allows them to do. Yeah Apache is not running as root but if someone can manage to gain shell access you just assume they will be able to find a way to escalate to root. It's not that hard for someone that knows their stuff. Which brings you to another issue, any customer with bad intentions can easily compromise the server from their own account.

That said shared hosting has it's place especially for a smaller site and chances are you'll be fine, but treat everything you do on it as untrusted. Ex: I would not put SSH keys that allow to connect right to your home network, or anything like that.