Sudheer wrote:
Michael A. Peters wrote:


Sites (like mine) that don't want to pay a certificate authority can use a self-signed cert. Even Red Hat does for some of their stuff (IE I believe their bugzilla server)

Firefox scares its users when they encounter a website with self signed certificate. If your website users aren't worried about the warning Firefox throws at them, self signed cert works well.



Yeah it does, hopefully they fix it.
What scares me is allowing sites I have no reason to trust as non malicious and have no reason to trust as properly secured against XSS injection to load scripts that execute on my machine.

People who use Firefox may be scared by the absurd warning FireFox 3 uses (something I've complained about to them) - other than informing users of the issue and hoping some read it, not much I can do about that. Hopefully FireFox will fix the issue and do something like what opera does (except the cert for session if you just click OK, accept it permanently if you click the security tab and check a box first).

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to