I just ran across http://certs.centurywebdesign.co.uk/premiumssl-wildcard.html but there are many more sites like that: Secure multiple websites with a single PremiumSSL Certificate. For organisations hosting a single domain name but with different subdomains (e.g.
On Mon, Jun 16, 2003 at 10:47:04AM +0100, [EMAIL PROTECTED] wrote: session id). Authentication of subesequent pages is assumed only if the client's IP address matches the IP address stored in the session variable corresponding to the client's session. Is this secure? If not, why not? It's not
This has got nothing whatsoever to do with session fixation. It _has_ however, got something to do with security. In particular, with authentication. [Moderator's note: Actually, it seems to have everything to do with session fixation. --Perry] I may be ignorant about a few things but I'm
Martin, Are wildcard certficates good? secure? useful? There's a problem with wildcard certs wrt how URLs are being displayed in many of the browsers, esp. the older ones. If the host name is extremely long the browser will be unable to show the complete URL to the user, with some browsers
also sprach Stefan Kelm [EMAIL PROTECTED] [2003.06.16.1652 +0200]: Now, suppose I buy a certificate for *.i-am-bad.com (assuming that I'm the owner of that domain). I could then set up an SSL server with a hostname of something like