Hmm I never tried it with the wrong domain name in the cert. That may or may not work but I personally never said it would or wouldn't ;-)
-----Original Message----- From: Snake [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 03, 2006 7:33 PM To: CF-Talk Subject: RE: Break it down for n00bs: security problems of non-SSL intrane t? I'd like to see that too. I have never seen an invalid cert that doesn't match the domain NOT prompt you with that information. That is the whole point in having them. Russ === Dave said I think I'll move on with my life in either case, thanks for asking. I simply wanted you to point out some piece of evidence in favor of the idea that you can present an invalid certificate and have it accepted automatically. I don't want a step-by-step how-to, just some tiny shred of proof. Because, you see, this is really the key part of the discussion. Any idiot can set up an SSL proxy, and users may well go to that and blindly accept its certificate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255295 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
