what is wwws.site.com

web-development security
9,307

Solution 1

There's no good reason to do this. Some marketing person probably suggested it.

In fact, it's a bad idea, because it teaches users to trust the host name and not the browser's security indicators (lock icon, etc.)

Solution 2

I do this (though I usually use secure.site.com or similar) when I have separate content to serve. I.e., when site.com and secure.site.com contain different things and/or have different restrictions on who (i.e., source IP address) can use them. If they're both serving the same content, then I'm not sure why you'd do this -- I don't see any benefit to it. I'd guess that it was done this way simply because the person who set it up didn't otherwise know how to configure both HTTP and HTTPS on the same domain in the same config.

Solution 3

HP used to do this, and they may still do it. This is how they load balanced their site. Each sub-domain could be associated with a separate IP address and upon logging into www.hp.com you would be redirected to one of www1.hp.com ... etc I think there may have even been a time before CDN's came into their own, that Amazon did the same thing.

Sometimes this is due to poor application design, in which the server hosting website version1 is hosted at 68.68.68.2 (www.domain.com) and then someone rewrites the website because your developer from Texas is now in jail (true story...) and because some XML-RPC logic buried in the pile of crap at www.domain.com is still needed we just redirect our users to wwws.domain.com (68.68.68.3) where our new and improved site is that was developed by Brian the disgruntled ex Microsoft employee.

We aren't sure what will happen if we take down www.domain.com or move it or rename it, so we just leave it instead of migrating our 'good' website back to our primary domain.

Share:
9,307

Related videos on Youtube

Chingiz Musayev
Author by

Chingiz Musayev

Updated on September 17, 2022

Comments

  • Chingiz Musayev
    Chingiz Musayev over 1 year

    I know about https for securing important pages like login and such. But why would someone create a separate subdomain like wwws as well? for example

    https://wwws.site.com/login

    • Admin
      Admin about 13 years
      what does this have to do with php?
    • kel
      kel about 13 years
      When common non technical/internet people see "www" in the URL it either makes them feel better or they think it has to be there. Have you ever tried telling a client to go to a sub.domain.com and they don't get there because do www.sub.domain.com? Telling someone go to wwws.domain.com they will now leave out the extra www. That is just my theory from my experience.
  • Chingiz Musayev
    Chingiz Musayev about 13 years
    @Paul Schreiber Can you explain how this could even benefit for marketing. I'm not getting the point at all why they did this.
  • jmort253
    jmort253 about 13 years
    They are probably trying to sell an idea. That's what marketers do. The point @Paul is making is that wwws does absolutely nothing. It's just a name, like blog.example.com or home.example.com or www.example.com. wwws is just another name, but it could make an amateur think the site is secure even if it isn't. http or https is what tells you whether the connection is secure.
  • jmort253
    jmort253 about 13 years
    For the record, I think that's a very bad idea. Suppose your configuration got messed up and someone went to http://secure.site.com and your redirect to https failed?
  • Alex Howansky
    Alex Howansky about 13 years
    There is no non-SSL secure.site.com -- you're erroneously assuming there's a redirect. Regardless, your statement is a ridiculous argument, as you're implying that there's some other scenario which can't fall apart when its configuration gets screwed up.
  • Rory Alsop
    Rory Alsop about 13 years
    @jmort253- more accurately, all http/https tells you is if the web server is running http or https, which may give you a better indication as to whether the connection is secure.
  • Jacob Hume
    Jacob Hume about 13 years
    If you have a separate server (or virtual site) for HTTPS traffic, assigning it to its own sub-domain isn't that uncommon. "wwws" might just be a short - if vague - version of this practice.
  • Jacob Hume
    Jacob Hume about 13 years
    Whether or not this is the reasoning behind this occurrence, I would like to think that a criminal conviction is often the motivation behind naming schemes. :D

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request
How to manage OAuth flow in mobile application with server
Are compile-time variables secure in flutter?
Why is it bad practice to use an FCM Server Key on a Flutter/Android client?
How to protect Flutter app from reverse engineering
GDPR and personal data
Securely Saving API Keys In Android (flutter) Apps
How can I prevent backup for user data in flutter for iOS app?
Flutter/Dart security scans
How to hide API Keys in AndroidManifest.xml