Hi gang:
I have a client who had his entire site moved to another host -- no big problem.
However, the old site had a https directory, where I had secure scripts to do
credit-card transactions, but the new site doesn't have a https directory -- in
fact it doesn't even have a http directory at
On Sep 25, 2013, at 1:55 PM, Tedd Sperling t...@sperling.com wrote:
Hi gang:
I have a client who had his entire site moved to another host -- no big
problem.
However, the old site had a https directory, where I had secure scripts to do
credit-card transactions, but the new site doesn't
On Sep 25, 2013, at 1:58 PM, Joshua Kehn josh.k...@gmail.com wrote:
On Sep 25, 2013, at 1:55 PM, Tedd Sperling t...@sperling.com wrote:
Hi gang:
I have a client who had his entire site moved to another host -- no big
problem.
However, the old site had a https directory, where I had
On Sep 25, 2013, at 2:24 PM, Tedd Sperling tedd.sperl...@gmail.com wrote:
I understand that cc processing should be done via https.
Normally, that means to me that I place my $ scripts in a https directory --
the problem is that I don't have one with this host.
So, I am asking how does
On Wed, Sep 25, 2013 at 1:55 PM, Tedd Sperling t...@sperling.com wrote:
Hi gang:
I have a client who had his entire site moved to another host -- no big
problem.
However, the old site had a https directory, where I had secure scripts to do
credit-card transactions, but the new site
On May 31, 2011, at 12:34 AM, Negin Nickparsa wrote:
I need to create a login page with HTTPS to yahoo
Do I have to have a valid certificate?
I have not trust certification centre, so before anything under
HTTPS will
be shown up, the window will come with information: valid
certificate:
Thank you
hi all,
I want to write an application that can be logged to yahoo.com using https
protocol
Would you please put me some suggestions and advices?
if ($_SERVER['SERVER_PORT'] != 443) {
header(Location: https://.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
}
30, 2011 4:04 PM
To: php-general@lists.php.net
Subject: [PHP] https help
hi all,
I want to write an application that can be logged to yahoo.com using https
protocol
Would you please put me some suggestions and advices?
if ($_SERVER['SERVER_PORT'] != 443) {
header(Location: https://.$_SERVER
I need to create a login page with HTTPS to yahoo
Do I have to have a valid certificate?
I have not trust certification centre, so before anything under HTTPS will
be shown up, the window will come with information: valid certificate: yes,
valid domain: yes, valid authority for SSL key: no.
am
it is the output:
http://www.yahoo.com/?s=https
can i force it to show me
https://www.yahoo.com
?
yahoo don't have ssl enabled on all their content it seems.
http://privacy.yahoo.com/privacy/us/security/details.html
~viraj
On Tue, May 31, 2011 at 11:11 AM, Negin Nickparsa nickpa...@gmail.com wrote:
it is the output:
http://www.yahoo.com/?s=https
can i force it to show me
Hello everybody
I need me a little help.
I have one web page with hhtp protocol, but i need to change in https.
Somebody tell me that I need to create some SSL certificate.
I use some Apache server.
Do you somebody know does is easy and can i do?
Does need to write some php scripts or anything?
You should look up something like openssl how to create self signed
certificate on google. Once cert is created, you should look up apache ssl
howto. The rest is just following instructions intelligently. Or use a
consulting company.
b.
PS: This has nothing to do with PHP, in case you haven't
Hello
I have one web page with hhtp protocol, but i need to change in https.
Do you somebody know does is easy and can i do?
Does need to write some php scripts or anything.
Thanks a lot.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Sun, 2010-08-01 at 13:29 +0200, Jordan Jovanov wrote:
Hello
I have one web page with hhtp protocol, but i need to change in https.
Do you somebody know does is easy and can i do?
Does need to write some php scripts or anything.
Thanks a lot.
You need to set up a security
PJ wrote:
Don't forget, you have to have a certificate, real or dummy for this to
work. :-)
Note that Firefox makes things difficult for non tech users with self
signed certs, so for a live site open to the public, you really do want
to spend the dough on a certificate from an authority.
PJ wrote:
Can't find anything on G or web - but I probably didn't try hard
enough.
Correct :-)
I am unable to set my virtual hosts to handle https.
I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
files are set up correctly but directing a sensitive user
PJ wrote:
Can't find anything on G or web - but I probably didn't try hard enough.
I am unable to set my virtual hosts to handle https.
I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
files are set up correctly but directing a sensitive user information
page to an HTTPS
Michael A. Peters wrote:
PJ wrote:
Can't find anything on G or web - but I probably didn't try hard enough.
I am unable to set my virtual hosts to handle https.
I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
files are set up correctly but directing a sensitive user
Per Jessen wrote:
PJ wrote:
Can't find anything on G or web - but I probably didn't try hard
enough.
Correct :-)
I am unable to set my virtual hosts to handle https.
I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
files are set up correctly but
Shanon Swafford wrote:
-Original Message-
From: PJ [mailto:af.gour...@videotron.ca]
Sent: Thursday, June 04, 2009 3:59 PM
To: php-general@lists.php.net
Subject: [PHP] https setup
Can't find anything on G or web - but I probably didn't try hard enough.
I am unable to set my virtual
Can't find anything on G or web - but I probably didn't try hard enough.
I am unable to set my virtual hosts to handle https.
I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
files are set up correctly but directing a sensitive user information
page to an HTTPS page returns
Hi,
To add to what others have said: CC processors with which I have worked will
audit your site *before* certifying your site to accept CC information. In
other words, if you don't do SSL, you won't be *allowed* to process cards.
FWIW, companies exist that will host your buy page(s), so you
You are right - Decline the job, you don't want any credit-card stealing on
your head
On Wed, Apr 15, 2009 at 1:10 PM, Richard Heyes rich...@php.net wrote:
Hi,
To add to what others have said: CC processors with which I have worked
will
audit your site *before* certifying your site to
Hi,
I've always put any forms that collect credit card information behind a
secure connection, https, figuring that sending that information from the
client browser to the server should be secure, but I'm having convincing a
client that it is necessary.
He instead insists that only the call
On Mon, Apr 13, 2009 at 11:19 PM, Skip Evans s...@bigskypenguin.com wrote:
Hey all,
I've always put any forms that collect credit card information behind a
secure connection, https, figuring that sending that information from the
client browser to the server should be secure, but I'm having
Sounds like your client wants to end up listed in a Terminated Merchant File.
On Mon, Apr 13, 2009 at 11:19 PM, Skip Evans s...@bigskypenguin.com wrote:
Hey all,
I've always put any forms that collect credit card information behind a
secure connection, https, figuring that sending that
On Apr 13, 2009, at 10:19 PM, Skip Evans wrote:
But doesn't also the form need to be secure since you're sending CC
information from that form back to the web site's server?
That's what I've always assumed.
I need some opinions on this, and if I'm right I think the client
will defer to a
Hey all,
I've always put any forms that collect credit card information
behind a secure connection, https, figuring that sending that
information from the client browser to the server should be
secure, but I'm having convincing a client that it is necessary.
He instead insists that only the
On Mon, Apr 13, 2009 at 10:19:34PM -0500, Skip Evans wrote:
Hey all,
I've always put any forms that collect credit card information
behind a secure connection, https, figuring that sending that
information from the client browser to the server should be
secure, but I'm having convincing a
why isnt this redirecting my page to https://www.mydomain.com instead
the page stays at my domain.com
?php
class URL {
// Public Variables
public $HTTPS;
public $ServerName;
public $WWW;
// Public Functions
public function
Robert Cummings wrote:
On Fri, 2008-02-15 at 15:05 -0500, Robert Cummings wrote:
On Fri, 2008-02-15 at 14:58 -0500, nihilism machine wrote:
why isnt this redirecting my page to https://www.mydomain.com instead
the page stays at my domain.com
?php
class URL {
// Public Variables
On Fri, 2008-02-15 at 14:58 -0500, nihilism machine wrote:
why isnt this redirecting my page to https://www.mydomain.com instead
the page stays at my domain.com
?php
class URL {
// Public Variables
public $HTTPS;
public $ServerName;
public $WWW;
On Fri, 2008-02-15 at 15:05 -0500, Robert Cummings wrote:
On Fri, 2008-02-15 at 14:58 -0500, nihilism machine wrote:
why isnt this redirecting my page to https://www.mydomain.com instead
the page stays at my domain.com
?php
class URL {
// Public Variables
public
On Mon, January 29, 2007 12:30 am, chetan rane wrote:
i am writing a progrram for a Jabber COnnection manager. I want to
access
the client XML using HTTPS. do any one know a way to so it
http://php.net/curl
will get you through the S part of HTTPS nice and easy.
Mucking with the XML, you have
hi everyone
i am writing a progrram for a Jabber COnnection manager. I want to access
the client XML using HTTPS. do any one know a way to so it
Have any one the
--
Have A plesant Day
Chetan. D. Rane
Location: Pune , India
Contact: +91-9890792762
otherID: [EMAIL PROTECTED]
[EMAIL
@lists.php.net
Subject: [PHP] HTTPS
hi everyone
i am writing a progrram for a Jabber COnnection manager. I want to access
the client XML using HTTPS. do any one know a way to so it
Have any one the
--
Have A plesant Day
Chetan. D. Rane
Location: Pune , India
Contact: +91-9890792762
otherID: [EMAIL
[snip]
soapclient('https://webservices.netsuite.com/wsdl/v1_3_1/netsuite.wsdl');
The 's' in 'https' should be all that nuSOAP would need to know that
it should use SSL, if nuSOAP can do that.
[/snip]
Correct. NuSOAP do detect automatically, and if CURL is configured it will
work.
[snip]
On Wed, March 22, 2006 1:41 am, Peter Lauri wrote:
I am trying to use a Web Service on the following endpoint
https://webservices.netsuite.com/wsdl/v1_3_1/netsuite.wsdl. As seen in
the
url, it is under HTTPS. I have compiled PHP with CURL and verified
that CURL
is working. In the
[snip]
'account'='theaccountnumber',
'role internalId=theinternalid'=''));
Does that work to set the attribute?
[/snip]
You are correct, that does NOT work. I found out to use soapval instead.
Thank you!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
I am trying to use a Web Service on the following endpoint
https://webservices.netsuite.com/wsdl/v1_3_1/netsuite.wsdl. As seen in the
url, it is under HTTPS. I have compiled PHP with CURL and verified that CURL
is working. In the documentation for NuSOAP I can not find how I set the
soapclient to
Hi,
I am trying to use a Web Service on the following endpoint
https://webservices.netsuite.com/wsdl/v1_3_1/netsuite.wsdl. As seen in the
url, it is under HTTPS. I have compiled PHP with CURL and verified that CURL
is working. In the documentation for NuSOAP I can not find how I set the
full urls for images, the browser will usually complain if the page is
accessed via https and the image via http.
Warren Vail
-Original Message-
From: Greg Donald [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 3:01 PM
To: php-general
Subject: Re: [PHP] https://...
On Wed, 27 Oct
will usually complain if the page is
accessed via https and the image via http.
Warren Vail
-Original Message-
From: Greg Donald [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 3:01 PM
To: php-general
Subject: Re: [PHP] https://...
On Wed, 27 Oct 2004 16:35:14 -0500, Afan
Hi Robby,
Yes, I looked at SERVER_PORT/SERVER_PROTOCOL. What I got is 80 and
HTTP/1.1 when I manually change http:// to https:// I'm getting 443 and
HTTP/1.1
I am not so good in this: you want to say that SSL use 443 port
-afan
Robby Russell wrote:
On Wed, 2004-10-27 at 16:35 -0500, Afan
On Thu, 28 Oct 2004 11:01:53 -0500, Afan Pasalic [EMAIL PROTECTED] wrote:
I am not so good in this: you want to say that SSL use 443 port
Yup.
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To
that's why I use it, sure.
but can't find anything that helps me.
Greg Donald wrote:
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic [EMAIL PROTECTED] wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show http://
phpinfo()
Subject: Re: [PHP] https://...
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic [EMAIL PROTECTED] wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show http://
phpinfo() describes my SSL stuff pretty well if that's what you
, October 27, 2004 3:01 PM
To: php-general
Subject: Re: [PHP] https://...
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic [EMAIL PROTECTED] wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show http://
phpinfo() describes my SSL
Well, didn't know that one.
Thanks Greg, didn't know that one :)
Today is successful day - learned something new :)
-afan
Greg Donald wrote:
On Thu, 28 Oct 2004 11:01:53 -0500, Afan Pasalic [EMAIL PROTECTED] wrote:
I am not so good in this: you want to say that SSL use 443 port
Yup.
--
PHP
On Thu, 2004-10-28 at 11:01 -0500, Afan Pasalic wrote:
Hi Robby,
Yes, I looked at SERVER_PORT/SERVER_PROTOCOL. What I got is 80 and
HTTP/1.1 when I manually change http:// to https:// I'm getting 443 and
HTTP/1.1
I am not so good in this: you want to say that SSL use 443 port
-afan
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show http://
Thanks!
-afan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Wed, 2004-10-27 at 16:35 -0500, Afan Pasalic wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show http://
Thanks!
-afan
Have you looked at $_SERVER['SERVER_PORT'] and
$_SERVER['SERVER_PROTOCOL']
?
-Robby
--
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic [EMAIL PROTECTED] wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show http://
phpinfo() describes my SSL stuff pretty well if that's what you mean.
And I also found:
:[EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 3:01 PM
To: php-general
Subject: Re: [PHP] https://...
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic [EMAIL PROTECTED] wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does
Upgraded our PHP installation from 4.1.2 to 4.3.4, scripts that
worked fine before are no longer doing so. The failure can be
traced to the fact that sessions are never being reused (i.e. a new
session gets started with each connection). The session files get
written with proper information but
* Thus wrote Michael R. Wayne ([EMAIL PROTECTED]):
Upgraded our PHP installation from 4.1.2 to 4.3.4, scripts that
worked fine before are no longer doing so. The failure can be
traced to the fact that sessions are never being reused (i.e. a new
session gets started with each connection).
On Fri, Apr 30, 2004 at 08:52:37PM +, Curt Zirzow wrote:
session.cookie_path
session.cookie_domain
session.cookie_secure
session.cookie_path /
session.cookie_secure Off
session.cookie_domain no value
But we never use cookies:
session.use_cookies Off
/\/\ \/\/
--
PHP
* Thus wrote Michael R. Wayne ([EMAIL PROTECTED]):
On Fri, Apr 30, 2004 at 08:52:37PM +, Curt Zirzow wrote:
session.cookie_path
session.cookie_domain
session.cookie_secure
session.cookie_path /
session.cookie_secure Off
session.cookie_domain no value
But we never use
Hello!
I have search for info in this group about this topic and found it but can't
get working my program.
These are the steps I have done:
1º Download and install latest php version (4.3.4)
2º Test that it works (IIS)
3º Change php.ini:
extension_dir = install_dir/extensions/
uncomment
Hi,
Is there a way to determite with PHP thath site visitor is in https (SSL)
mode or in normal mode ?
Thanks,
Rosen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hi,
Sunday, October 12, 2003, 9:09:15 PM, you wrote:
R Hi,
R Is there a way to determite with PHP thath site visitor is in https (SSL)
R mode or in normal mode ?
R Thanks,
R Rosen
put phpinfo(32); at the top of the page and that should show what is available
with an ssl connection if you make
I.e. if I use _SERVER[SERVER_PORT] = 443 - for https connection and 80
for normal - i'll be able to determite if user is in https mode - I think
thath should be works . ?
Thanks,
Rosen
Tom Rogers [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi,
Sunday, October 12, 2003,
Hi,
Sunday, October 12, 2003, 9:24:40 PM, you wrote:
R I.e. if I use _SERVER[SERVER_PORT] = 443 - for https connection and 80
R for normal - i'll be able to determite if user is in https mode - I think
R thath should be works . ?
R Thanks,
R Rosen
looks like a good start :)
--
regards,
On Sun, Oct 12, 2003 at 01:09:15PM +0200, Rosen wrote:
:
: Is there a way to determite with PHP thath site visitor is in https (SSL)
: mode or in normal mode ?
Check for the existence of $_SERVER['HTTPS'] which gets set only on SSL
pages. I wonder why it's still not mentioned in the official
On Sun, Oct 12, 2003 at 01:24:40PM +0200, Rosen wrote:
:
: I.e. if I use _SERVER[SERVER_PORT] = 443 - for https connection and 80
: for normal - i'll be able to determite if user is in https mode - I think
: thath should be works . ?
Technically, you can't guarantee that anything running over
Hi,
Sunday, October 12, 2003, 8:46:41 PM, you wrote:
EL On Sun, Oct 12, 2003 at 01:24:40PM +0200, Rosen wrote:
EL :
EL : I.e. if I use _SERVER[SERVER_PORT] = 443 - for https connection and 80
EL : for normal - i'll be able to determite if user is in https mode - I think
EL : thath should be
On Sun, Oct 12, 2003 at 08:52:30PM +1000, Tom Rogers wrote:
: Sunday, October 12, 2003, 8:46:41 PM, Eugene wrote:
: EL On Sun, Oct 12, 2003 at 01:24:40PM +0200, Rosen wrote:
: EL :
: EL : I.e. if I use _SERVER[SERVER_PORT] = 443 - for https connection
: EL : and 80 for normal - i'll be able to
Hi,
Sunday, October 12, 2003, 10:27:21 PM, you wrote:
EL Unless Apache is configured so that both SSL and non-SSL virtualhosts
EL to point to the same directory containing said script, or said script is
EL shared (via PHP include(), require(), etc.) by other PHP scripts in both
EL SSL and
* Thus wrote Rosen ([EMAIL PROTECTED]):
I.e. if I use _SERVER[SERVER_PORT] = 443 - for https connection and 80
for normal - i'll be able to determite if user is in https mode - I think
thath should be works . ?
There is no guarantee that port 443 == https and 80 == http.
Curt
--
My PHP key
: [PHP] HTTPS POST without user/client intervention
I am writing a php script to accept an HTTPS POST of data from a remote
site, process the data, and send an HTTPS POST response back (not
necessarily to the same remote site). I can do this pretty easily in
PERL (which I may have to if I can't find
|-Original Message-
|From: PHP List [mailto:[EMAIL PROTECTED]
|Sent: Tuesday, July 15, 2003 1:02 PM
|To: [EMAIL PROTECTED]
|Subject: [PHP] HTTPS POST without user/client intervention
|
|I am writing a php script to accept an HTTPS POST of data from a remote
|site, process the data
I am writing a php script to accept an HTTPS POST of data from a remote
site, process the data, and send an HTTPS POST response back (not
necessarily to the same remote site). I can do this pretty easily in
PERL (which I may have to if I can't find a PHP solution). Also I need
to do the https
--- PHP List [EMAIL PROTECTED] wrote:
I am writing a php script to accept an HTTPS POST of data from a
remote site, process the data, and send an HTTPS POST response back
(not necessarily to the same remote site).
Can you perhaps rephrase what you are trying to do? The way I interpret what
you
On Tue, 2003-07-15 at 15:12, Chris Shiflett wrote:
--- PHP List [EMAIL PROTECTED] wrote:
I am writing a php script to accept an HTTPS POST of data from a
remote site, process the data, and send an HTTPS POST response back
(not necessarily to the same remote site).
Can you perhaps
--- PHP List [EMAIL PROTECTED] wrote:
As for sending a POST request to a remote site via SSL, just check
out cURL, which also has a convenient PEAR package.
This is what I am trying to do...and thanks for point out cURL...I will
check it out.
In that case, you should find this helpful:
Hello everyone,
Apache 2.0.40
PHP 4.2.2
Linux
I have a single php script for downloading requested files. It works
beautifully on http over port 80. It does NOT work at all over https on
port 443. I am using the exact same script (the very same file) for both
http and https connections.
Apache 2.0.40
PHP 4.2.2
Linux
I have a single php script for downloading requested files. It works
beautifully on http over port 80. It does NOT work at all over https on
port 443. I am using the exact same script (the very same file) for both
http and https connections. Apache has the
: Thursday, June 19, 2003 9:39 AM
To: Henning Sittler; [EMAIL PROTECTED]
Subject: Re: [PHP] php https file download
Apache 2.0.40
PHP 4.2.2
Linux
I have a single php script for downloading requested files. It works
beautifully on http over port 80. It does NOT work at all over https on
port 443
I recently switched my site from a server running PHP 4.0.1 to
a site using 4.2.1. Other than this the servers are identical, running
both the same
versions of redhat linux and apache.
Now however, I can no longer post to forms using HTTPS. It returns a
Page cannot be displayed error.
.: Shopping carts 'too boring'?! Of course they're boring!
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 08, 2002 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] HTTPS vs. HTTP ?
How do you know their certificate hasn't been stolen, and they haven't
Hey Folks:
Speaking of identity theft, here's a fun story. Involves a Hollywood
Video store. HV is a large chain of video rental stores.
http://www.nydailynews.com/2002-07-09/News_and_Views/Crime_File/a-156851.asp
--Dan
--
PHP classes that make web design easier
SQL
Chris Shiflett wrote:
I think I'm going to compile all of my SSL explanations into a more
clear and informative explanation and post it on the Web somewhere.
Yes please.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
How do you know their certificate hasn't been stolen, and they haven't even
figured it out yet? How do you know they were trustworthy people in the
first place?
Why do you ASSUME that they're NOT trustworthy people? Do you go through your entire
life in that shell?
The more I think about
the name,
cc number and expiration date for later use.
- Theo
-Original Message-
From: B.C. Lance [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 07, 2002 12:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] HTTPS vs. HTTP ? - the weakest link
sorry to barge in. but the weakest link ain't
On Mon, 8 Jul 2002, Brinkman, Theodore wrote:
Think about it for a moment. E-commerce involving properly signed sites is,
at the very least, more secure than handing your credit card to a waiter in
a restauraunt. The waiter can walk off with your card, and come back 2
minutes later with
How do you know their certificate hasn't been stolen, and they haven't even
figured it out yet? How do you know they were trustworthy people in the
first place?
Why do you ASSUME that they're NOT trustworthy people? Do you go through
your entire life in that shell?
Everybody gets a limited
Folks:
Allow me to emphasize Richard's point about not trusting certificate
authorities. I have an SSL certificate. It was fairly simple to get,
despite several discrepancies in my documentation.
While it made things easier for me, which I'm thankful for. Fortunately,
I'm a legitimate
On Mon, 8 Jul 2002, Analysis Solutions wrote:
Allow me to emphasize Richard's point about not trusting certificate
authorities. I have an SSL certificate. It was fairly simple to get,
despite several discrepancies in my documentation.
While it made things easier for me, which I'm
On Sat, 6 Jul 2002, Richard Lynch wrote:
I think we both agree that any old certificate is secure from snooping,
right?
I would disagree with that.
In order to snoop on a connection, you need to have some access to the
link.
This may be by being in the same building with one of the
In public key cryptography, it is the *keys*, not the digital
certificate that encrypt/decrypt the communication.
Okay.
I break into his co-lo, I walk off with his computer, and I break into his
office, I walk off with his computers, I kill the guy, and I kidnap his
wife.
I have everything.
Or, even easier and no tech, I get a low-paying job in some convenience
store, and make copies of the credit card receipts.
Game Over.
Using a credit card anywhere involves trust. Period. End of story.
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]]
How about an even
I think I'm going to forget trying to explain the technical details,
because somehow this conversation is completely missing the point now. :)
SSL allows you to be sure that your credit card number is getting safely
and securely to the Web site identified by a certain domain name. That's
all
on 08/07/02 10:48 AM, Mark Charette ([EMAIL PROTECTED]) wrote:
Or, even easier and no tech, I get a low-paying job in some convenience
store, and make copies of the credit card receipts.
Game Over.
Using a credit card anywhere involves trust. Period. End of story.
Couldn't agree more.
Personally, I think the concept of NEEDING https is a bit rediculous.
Generally, trying to get through the front door, would be the same as
trying to get through a concrete wall with a baseball bat...
Now, finding a back door, and getting at THEIR database is the REAL key.
people don't
ðÒÉ×ÅÔ!
Chris Shiflett wrote:
it is very misleading and would indicate that I
have very little knowledge about PKI systems,
Come on, nobody here would ever think of that. Especially since most of
us (put me as first one in the list) should know much more about PKI
ourselves before
On Mon, 8 Jul 2002, Alberto Serra wrote:
Chris Shiflett wrote:
Of course, as users of Web browsers such as Netscape and Internet
Explorer, we have to trust AOL/Time Warner and Microsoft, respectively,
(yeah, scary thought) to only trust CAs that have high integrity,
security, etc. An
Alberto Serra wrote:
However, it is adequate to know that one key is used to do the
encrypting, while the other is used for the decrypting. These are
generally referred to as public and private keys, because one is made
available to the public while the other is kept safely stored (in the
Miguel Cruz wrote:
Nobody thinks they're checking whether or not goodguys.com are good guys.
It is your job as a consumer to research them. Once you have researched
them and decided to do business with them, the certificate authority gives
you a pretty solid basis for believing that you
1 - 100 of 141 matches
Mail list logo