the problem is your own encryption isn't signed by a third party, which means if someone hack into your server, they could compromise the security.
Hackers are smart and have tons of free time. If there's a hole, it will be found and exploited. Most big e-comm sites use hardware acceleration to improve the performance. If you're going to handle moderate SSL traffic, you should get hardware acceleration that sits between the webservers and the browser. Look at BigIP, network SSL modules or other hardware solutions. there are companies selling ssl ethernet cards for systems if you don't need heavy duty SSL. peter lin "Drinkwater, GJ (Glen)" wrote: > > Hi > > I am not am expert in the security of the web at the moment. > Could you explain to me why this would open such a big secuirty hole from > swapping from https to https. > > I was suggesting this because it read this i a 'professional j2ee' book?!! > > The problem i have is that i need the username and password to be encrypted > but i have heard that ssl hits performance quite badly!! I dont think that > i could handle filtering, so what do you suggest for the security?? > > What is the 'norm' for these such problems. > > Thanks Glen. > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
