FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Digest Authentication
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Digest Authentication [message #179937 is a reply to message #179924] Thu, 20 December 2012 04:59 Go to previous messageGo to previous message
dhtmlkitchen is currently offline  dhtmlkitchen
Messages: 4
Registered: December 2012
Karma:
Junior Member
On Wednesday, December 19, 2012 12:02:21 PM UTC-8, Jerry Stuckle wrote:
> On 12/19/2012 12:40 PM, dhtmlkitchen(at)gmail(dot)com wrote:
>
>> On Tuesday, December 18, 2012 6:08:59 PM UTC-8, Jerry Stuckle wrote:
>
>>> On 12/18/2012 8:55 PM, xkit wrote:
>
>>>
>
>>>> On Dec 13, 8:15 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>
>>>
>
>>>> > On 12/13/2012 7:49 PM, dhtmlkitc...@gmail.com wrote:
>
>>>
>
>> [snip entire quoted message NOTE:
>
>> Never fullquote on USENET (quotes the whole message, signature). QUote *only* the parts you are replying to. Otherwise, there is no dialogue; no back and forth.
>
>>
>
>> When replying type your reply, then review the entire message.
>
>>
>
>
>
> I will quote what I feel is appropriate. In this case, it was ALL
>
> appropriate.
>
>
>
>>> If you're doing ecommerce (even if you're using Paypal), you NEED to use
>
>>>
>
>>> https. Otherwise your site is NOT secure. It is too easy to intercept
>
>>>
>
>> What it?
>
>>
>
>> There are a lot of sites that navigate from http (not https) site to paypal. Are you telling me that this is a security issue? And if not, then where exactly do *you* see the security hole and what do you see being at risk (you wrote "everything" (including the moon?)).
>
>>
>
>
>
> It's not just PayPal involved in your site security. Oh, but I forgot.
>
> You didn't want me to quote the appropriate text.
>
>
>
>>> the data being entered - i.e. someone using a wireless hot spot, on a
>
>>>
>
>>> cable modem at home or any of a couple of dozen other connections will
>
>>>
>
>>> easily allow a hacker to get everything he/she wants.
>
>>>
>
>> Again, what is everything [that the hacker wants]? And how does any hacker get all of these things? Please explain, if you can.
>
>>
>
>
>
> Exactly what I said. But I'm not going to even try to explain basic
>
> Internet security to someone who obviously has no clue.

Uh huh. So when asked to explain your dubious statements, you superciliously declined.

You're not making a very good impression so far :-(.


>
>>> And if your site is hacked, the cost of NOT using it is much, much
>
>>>
>
>>> higher than the cost of using it. If you can't afford it, you can't
>
>>>
>
>>> afford the site.
>
>>>
>
>>>
>
>>>
>
>>> Read M. Strobel's post. And if you're not familiar with creating a
>
>>>
>
>> "This is a feature that is offered completely functional by the web server. " ...
>
>>
>
>
>
> That doesn't mean it is secure. And in this case, it definitely IS NOT.
>
Whatever you mean by *it* is not specifically clear.

>
>
>>> secure site, hire someone who is. This is not a job for a beginner.
>
Haughtily having a hard time explaining yourself?

>>>
>
>> Apparently noone here is qualified or willing to explain this task. I'm sure someone has made a secure site and is capable of reading, understanding, making security assessment and giving technical advise.
>
>>
>
>
>
> Yes, I'm qualified to explain it.

Yep, you've sure made clear your ability to explain things.


But I'm not even going to try in a
>
> newsgroup post. It's way too big.
>
That sounds like something you'd say.

>
>
>>>
>
>>>
>
>>> And BTW - giving a "hidden URL" is no security at all.
>
>>>
>
>> And that is why I advised the client to not do that, AISB.
>
>>
>
>
>
> At least that's a start. But again - I suggest you get someone who
>
> UNDERSTANDS security.

Better yet, someone who can explain what he claims to understand.

It's much more than cutting and pasting some code
>
> you found on a web site (even if it is php.net). You obviously don't,
>
> and it's way too important.
>
>
>
> And once again, it's way too complicated to even try to begin to explain
>
> over usenet. Understanding real security takes a LOT of time and learning.

I see. Sorry you're having such a hard time explaining yourself!

>
>
>
> That's why you haven't gotten more detailed answers here.
>
>
>
> And BTW - I build secure sites all the time. They ALL include https -
>
> but NONE of them include web server authentication. It's barely ok for
>
> low security sites, but not ecommerce.
>
Concluding with a vague generalization. I get you.
--
Garrett
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Using echo to run separate PHP script from HTML
Next Topic: simple dating site
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 02:34:58 GMT 2024

Total time taken to generate the page: 0.04550 seconds