That is correct, the actual security of the server and the applications running on it like apaches are a matter unto themselves.
Thanks, Ron DuFresne On Sun, 21 Oct 2001, David Loszewski wrote: > So does it not do anything for the security of the actual server? Just > the data on the web? > > Dave > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of R. DuFresne > Sent: Sunday, October 21, 2001 6:04 PM > To: [EMAIL PROTECTED] > Subject: Re: few questions > > > Perhaps explaining the reasons to use SSL might answer this persons > question. SSL is an encryption layer. You'd use SSL to encrypt data in > transit to prvent others from sniffing that information as it traverses > the wire. Its used alot in credit transactions, or for folks that need > to > access private information via a corporate application when they might > perhaps not be in a secured location, say offsite from the corporate > offices and not behind the corporate firewall. Using SSL merely to > display public information, like you pictures of the family and such > would > certainly be overkill. Using it for a Dr. to checkout a patients > medical > information across the insecure internet is more fitting, as well as > those > situation when you are buying something across the internet and you > prefer > to secure your credit information from being snarffed and perhaps fraud > being later comitted with that information later. Hope this better > addresses your question. > > Thanks, > > Ron DuFresne > > On Sun, 21 Oct 2001, Dave Paris wrote: > > > David Loszewski wrote: > > > > > > I have a few small questions that I'm seeking answers for, any help > > > would be much appreciated: > > > > > > 1. Mod_SSL is working...I type in 'https://192.168.0.1' and it uses > the > > > ssl but when I type in 'http://192.168.0.1:443' it doesn't work, > comes > > > up saying that it can't load the page. Ideas? > > > > URLs are encoded by protocol first. HTTP is *not* HTTPS. Plain and > > simple. Your suggestion might as well by wondering why > > http://127.0.0.1:21 doesn't make your web client a FTP client. Most > web > > browsers *can* do FTP, provided you type ftp://... > > > > > 2. How do I make it so if I type in 'http://192.168.0.1' it goes to > > > 'https://192.168.0.1', pretty much so it only uses ssl, and please > don't > > > tell me to just redirect it. > > > > You'll need to redirect it somehow, someway. The client is requesting > > one protocol and you want them to request another. If *you* don't > > redirect it, then .. uhmm .. who are you expecting will? Santa Claus > is > > busy routing presents, not packets. Look into mod_rewrite. > > > > > 3. This is more of a curious type question, but if https is so much > more > > > secured than http then why aren't all the big sites using it? > > > > "so much more secured" .. one uses encryption, one doesn't. HTTP > isn't > > secure at all. As for why not.. becuase buying racks full of majorly > > expensive SSL accelerators to hide information you want shown to as > many > > people as possible is $#!*ing dumb. > > > > -d > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
