Nick Sabalausky wrote:
Anyone know of a reliable, reasonably-priced web host that...and here's the
key part...actually understands even the most basic security concepts?
It seems like every place out there has an IT/support department that is
absolutely convinced of one or more of the following:
1. Unencrypted emails are secure.
2. PGP *signing* an email encrypts the entire message.
3. It is somehow possible to email users their passwords without the
password ever being stored in either plaintext or in a reversible form (not
counting, of course, the process that actually sets the password in the
first place).
4. Secure access to the control panel isn't important.
5. If all of the navigation links and redirects inside of the HTTPS secure
version of the control panel (including the URL that the login form submits
to) all point directly to the insecure HTTP version, this somehow doesn't
defeat the whole point of having secure control panel access.
6. Some other such silliness.
I gave up trying to find a good one ages ago. There's always the option
of starting an account with SliceHost and doing it yourself, though.
-- Chris Nicholson-Sauls
