On 9/18/08 11:31 AM, "Graeme Ruthven" <[EMAIL PROTECTED]> wrote:
> 
> I've said it before and I'll say it again: Any system that sends passwords
> and personal and financial data over the Internet in plaintext is not
> production ready. Sorry Mifos.
> 
I'm a little confused, has anyone ever stated they will not be using some
form of secure communication?  The question I was posing was whether we
should pay for a third party to certify our security cert or just certify
our own, and definitely not proposing we don't use SSL at all ;)

I brought up the topic with some friends and there were some mixed responses
about it, but at the heart of it, getting a third party to certify is a lot
more secure than signing your own.

> CACert (www.cacert.org) issues free certificates, which should be affordable
> to most MFIs.
> 
> The downside is that their root certificate isn't installed in most browsers
> by default. On Windows, at least.
> 
> However it's a simple matter to install it -
> http://www.cacert.org/index.php?id=3 - and the end users' PCs should be
> under the MFI's management, so installing on them should be simple.
> (Installing a root certificate for a self-signed cert is also possible,
> and I use them for some systems as well.)
> 
> Visit https://rt.kula.co.nz for an example. If you haven't installed the
> root certificate you'll get a warning - quite strong in the case of Firefox
> 3 - but once it is installed the site looks just like any that is
> authenticated by one of the expensive ones. This URL is for a site on a
> server on my home network, connected via ADSL and with a dynamic IP
> address...

Thanks for the detailed info!  We'll definitely keep it in mind (and looking
at the archives, looks like we already discussed this once ;)).  That said,
I thought about it more and I still have a lot of reservations on relying on
SSL alone.  With that in mind, the Network person here is going to look at
and evaluate OpenVPN (www.openvpn.net), which I believe both you and
Gbolahan have set up.  If that doesn't look like it'll work, we'll probably
fall back on SSL and go with the CACert.

BTW, Graeme, did you ever finish your OpenVPN HOWTO you were talking about?

Ryan
Ryan Whitney  
Mifos Technical Program Manager
[EMAIL PROTECTED]
Mifos - Technology that Empowers Microfinance (www.mifos.org)


_______________________________________________
Mifos-functional mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-functional
