> Any time you send credentials over a network, any network, you should be
> encrypting it. An infected or compromised machine on that network could do
> a lot of damage.
+1

There's one reasonable exception I can think of whose architecture follows. An HA setup where the real servers are on an isolated network behind a hardware load balancer with SSL offloading. It's very common that you would _not_ want SSL on the real servers to actually receive some benefit from the SSL offloading.

That said, I personally think SSL offloading is largely snake oil that allows LB vendors to charge insane amounts of money for their products. Our 6-figure ServerIron hardware advertised SSL offloading features, but our network admins have yet to figure out how to use it effectively. I'm sure they've "fixed" this in more recent versions, but the feature has fundamental issues with administration in a distributed environment.

M
