[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: RE: Encoding charset of HTTP Basic Authentication
On 30 January 2012 15:44, David Lee <dlee@calldei.com> wrote: > Were back to the problem that SSL doesn't solve the problem (today) Â it was > originally intended to solve. Â But it happens to solve *this* problem (as > long as you ignore the fact that both ends may be insecure - in which case > all bets are off). > > But yes the crux is that Authentication in pure HTTP is either insecure or > hard. > That's just the way it is (as far as I know). > > <rant> > This is why a particular annoyance of mine is the false-sense-of-security of > CA signed certificates. > If browsers didn't put up an ugly warning about how scary a self-signed > certificate was then more people would use SSL and the internet would be > more secure. > But if you use plain HTTP you don't get a warning - just insecurity. > Why is it like this ? My only guess ... "Follow the money ..." ? > > </rant> > Security conscient people seems to not like this idea, because MITM attacks are easy with selfsigned certs. Then recently some rogue certificates where generated, for google and other domains. The next time you pay something with Paypal, you could be using some mitm Iranian server, or perhaps some CIA server. For two years USA was reading Megavideo CEO emails. So storage is another problem (don't put your secrets on the cloud as cleartext), have your data in non-USA service. -- -- â±in del â³ensaje.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|