I’m doing some Codecademy courses at the moment. It’s a great service, highly recommended.
I’ve noticed they use some tracking. They use ajax posts to send user information to their tracking provider.
http://track.segment.io/
It sends some JSON:
{"data":{},"newId":"myemail.emailn@gmail.com","api_key":"sfdsdkjf","user_id":"myemail.email@gmail.com","callbackId":111,"attributes":{"firstSeen":"2012-02-15T17:28:23.978Z","lastSeen":"2012-02-15T17:28:23.978Z","temp":false},"context":{"timestamp":"2012-02-15T17:28:23.979Z","visit":{"id":"asfsaasfsa","start":"2012-02-15T15:23:11.000Z","end":"2012-02-15T17:28:23.978Z"}}}
You’ll notice that as I’ve not set my user name it uses my email as a reference to who I am. This seems like bad practice to me, but I’m unsure why.
My question is –
Should they be sending this info over https? I thought any personal info should always be sent over https, but I don’t really understand why. Is there a security risk here?
You are correct that sending HTTP POSTs with a JSON payload is not as secure as using HTTPS. However, this is no more or less secure than any other HTTP communication that contains your personal information.
For example, if your email address was in a table on a normal HTML page on the server:
…then this would be just as much of a problem as the AJAX method.
It boils down to the requirements of the site. If you’re doing something like online banking, HTTPS is a must. However, I doubt you have to worry about hackers intercepting HTTP traffic when you’re using a site such as Codecademy, and HTTPS comes at a cost as well.
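As an added example (not part of the question or the answer above), here is a small audit a site owner could run over their own outgoing tracking calls: it parses the JSON body, collects fields that look like e-mail addresses, user identifiers or API keys, and reports whether they are going out over plain HTTP. The function names are my own, and the sample payload is constructed to mirror the one quoted in the question.

```javascript
// Added example: audit an outgoing tracking request for personal
// identifiers and credentials sent without TLS. Not part of the site's
// or the tracking provider's code; names and sample data are assumptions.

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const IDENTIFIER_KEY_RE = /user_?id|email/i;      // keys naming a person
const CREDENTIAL_KEY_RE = /api_?key|token|secret/i; // keys naming a secret

// Walk a parsed JSON value and return the dotted paths of leaves that are
// either an e-mail address, an identifier-named field, or a credential.
function findSensitiveFields(value, path = [], out = []) {
  if (value && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      findSensitiveFields(child, path.concat(key), out);
    }
  } else if (typeof value === "string") {
    const key = path[path.length - 1] || "";
    let kind = null;
    if (EMAIL_RE.test(value)) kind = "email";
    else if (IDENTIFIER_KEY_RE.test(key)) kind = "identifier";
    else if (CREDENTIAL_KEY_RE.test(key)) kind = "credential";
    if (kind) out.push({ path: path.join("."), kind });
  }
  return out;
}

// Classify one request: sensitive fields over a non-HTTPS scheme are
// readable by anyone on the network path, which is the answer's point.
function auditTrackingRequest(url, jsonBody) {
  const scheme = new URL(url).protocol.replace(":", "");
  const findings = findSensitiveFields(JSON.parse(jsonBody));
  return { scheme, findings, exposed: scheme !== "https" && findings.length > 0 };
}

// Constructed sample modelled on the payload quoted in the question.
const SAMPLE_URL = "http://track.segment.io/";
const SAMPLE_BODY = JSON.stringify({
  data: {},
  newId: "myemail.email@gmail.com",
  api_key: "sfdsdkjf",
  user_id: "myemail.email@gmail.com",
  callbackId: 111,
  context: { visit: { id: "asfsaasfsa" } },
});

console.log(JSON.stringify(auditTrackingRequest(SAMPLE_URL, SAMPLE_BODY), null, 2));
```

The same body sent to an https:// URL yields `exposed: false`, which is the only change needed for the concern raised in the question.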