On Tuesday 13 March 2001 09:59, Sam Newman wrote:
> Joe Wrote:
> > If you are using SSL then why even bother hashing the password? I think
> > the original poster said he/she could not use SSL (but I may be
> > mistaken).
>
> Well, we want to avoid SSL if possible. Certificates for the servers aren't
> that cheap, and we could potentially have quite a few servers. As we're a
> startup company, I don't really want to commit ourselves to get SSL, seeing
> as with SSL is only partly about encryption - its more to do with making
> sure yiour dealing with trusted parties.
As far as I known, you do NOT need Certificates, you can run SSL encryption
without them, certificates are just for identify without doubt that a server
is who it says. By other side, you can create your own certificates but
they'll be not signed by a hmmmm... certification authority.
Please, excuse my poor english.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
