> Do you know what a MITM attack is? Middle is just that... the
> middle. Middle of what? The very same endpoints you 
> mentioned... the client and the server.
> Basically you trick the client into believing you are the 
> server and trick the server into thinking you are the client 
> so all traffic between the 2 'endpoints' is routed through 
> you... you then 'generously' forward said traffic to its
> rightful destination.

I'm well aware what a "man-in-the-middle" attack is, thanks. SSL is not
especially vulnerable to this, because it verifies the identity of both
endpoints and provides secure key exchange between said endpoints. This only
applies to certificates signed by a trusted CA, of course, and there have
been specific bugs in specific products such as IE that have broken this,
but SSL, properly configured and used, protects pretty well against those
attacks.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!
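
The point above about certificates signed by a trusted CA, as an added example that is not part of the original message: a client-side chain check accepts a server certificate issued by the trusted CA and rejects a self-signed certificate carrying the same subject name. It assumes the `openssl` CLI is installed; the names `demo-ca` and `www.example.test` and the helper `verify_against_ca` are constructed for this demo.

```bash
# Constructed demo: every name and key here is generated locally and thrown away.
set -u
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# 1. A CA the client trusts (stands in for a root in the client's trust store).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null

# 2. The real server: key and CSR, then a certificate issued by that CA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$work/server.key" -out "$work/server.csr" 2>/dev/null
openssl x509 -req -in "$work/server.csr" -CA "$work/ca.pem" \
    -CAkey "$work/ca.key" -CAcreateserial -days 1 \
    -out "$work/server.pem" 2>/dev/null

# 3. A party in the middle: same subject name, but no signature from the CA.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.test" \
    -keyout "$work/middle.key" -out "$work/middle.pem" 2>/dev/null

# Chain validation as a verifying client performs it: succeeds (exit 0)
# only if the certificate chains to the trusted CA file.
verify_against_ca() {
    openssl verify -CAfile "$work/ca.pem" "$1" >/dev/null 2>&1
}

for name in server middle; do
    if verify_against_ca "$work/$name.pem"; then
        echo "$name.pem: chain verifies against trusted CA"
    else
        echo "$name.pem: REJECTED (does not chain to trusted CA)"
    fi
done
```

Chain validation is only one of the checks a correctly configured client makes; it also compares the certificate's name with the host it intended to reach, and a client that skips either check loses the protection described in the message.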
