On Fri, 5 Jul 2002, Richard Lynch wrote:
> But unless you paid the $200 to get it from a CA, surfers will see a nasty
> (and totally inaccurate/misleading) warning about how insecure it is.

It is easy to launch a man-in-the-middle attack against a session being initiated between a client and a server with a self-signed certificate. You just send the client a self-signed certificate of your own, and it can't tell it apart from the real one - same error message shows up.

miguel

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
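
Added example, not part of the original message: a trust-on-first-use fingerprint check, one way a client can tell a substituted self-signed certificate from the one it saw before, which the browser warning alone does not do. The host name, the `check_pin` helper and the two byte strings are assumptions constructed for illustration; the byte strings stand in for DER-encoded certificates.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
# Both claim the same subject, as in the scenario described above.
# In a real client the bytes would come from
# ssl.SSLSocket.getpeercert(binary_form=True).
REAL_CERT_DER = b"CN=shop.example;self-signed;key=server-key-A"
ROGUE_CERT_DER = b"CN=shop.example;self-signed;key=attacker-key-B"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the whole encoded certificate, as hex."""
    return hashlib.sha256(cert_der).hexdigest()


def check_pin(pins: dict, host: str, cert_der: bytes) -> str:
    """Trust-on-first-use check against a per-host pin store.

    Returns "first-use" when the host has no pin yet (the pin is stored),
    "match" when the certificate equals the pinned one, and "MISMATCH"
    otherwise. A mismatch never overwrites the stored pin.
    """
    seen = fingerprint(cert_der)
    pinned = pins.get(host)
    if pinned is None:
        # The first contact is still unauthenticated: compare this
        # fingerprint with one obtained out of band before relying on it.
        pins[host] = seen
        return "first-use"
    if hmac.compare_digest(pinned, seen):
        return "match"
    return "MISMATCH"


def demo() -> list:
    """Same subject name each time, but only the pinned certificate matches."""
    pins = {}
    return [
        check_pin(pins, "shop.example", REAL_CERT_DER),
        check_pin(pins, "shop.example", REAL_CERT_DER),
        check_pin(pins, "shop.example", ROGUE_CERT_DER),
        check_pin(pins, "shop.example", REAL_CERT_DER),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```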