On Thu, Jun 23, 2011 at 12:17 PM, Joseph Heaton <[email protected]> wrote: >>> So what do you do to "secure" your website? If not certs, then what? >> >> I didn't say I had a better solution. That doesn't prevent me from >> recognizing the problem. > > I wasn't criticizing what you said, was just curious if there was new > technology I didn't know about.
Oh, sorry. I don't really operate any websites that need SSL. I manage a few things here and there, but for that I use SSH, which uses certificates I generate, manage, and trust, so no problems there. SSL, and the X.509 certificates it uses, *could* provide a useful security improvement, but they would have to be used properly. Since anyone with a credit card can obtain a certificate, and since the CAs don't really do any identity checking, the usefulness of certs for authentication is extremely diluted. And with most "secure" webservers being operated by incompetent boobs, it doesn't matter that the transport is secure. And with most client PCs being operated by lusers who have zero knowledge of security and about the same desire to learn, they've already given up everything to the malware on their PC anyway. Clearly there are some challenges. :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
