> I think just use a flippin' ssl server and be done with it.


> When I go to a website that requires me to let them execute JavaScript I
> rarely go back.

Many people do this, I hope that the OP realizes this.

> You can use SSL for the login and only the login - I know that it means
> either using a self signed cert or paying big bucks, for anything with
> e-commerce you want to pay big bucks for a cert, there is no other option.
> For anything not e-commerce, using a self signed cert seems a lot more
> secure to me than having the browser grab some salt off your server, use
> javascript to encrypt the pass, and then sending it back.

Have you seen the fit Firefox 3 makes for self-signed certs? So far as
the end user is concerned, the site is inaccesible.

Dotan Cohen



Reply via email to