| Re: Digest Authentication [message #179921 is a reply to message #179915] |
Wed, 19 December 2012 17:40   |
dhtmlkitchen
Messages: 4
Registered: December 2012
Karma:
|
Junior Member |
|
|
On Tuesday, December 18, 2012 6:08:59 PM UTC-8, Jerry Stuckle wrote:
> On 12/18/2012 8:55 PM, xkit wrote:
>
>> On Dec 13, 8:15 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>
>>> On 12/13/2012 7:49 PM, dhtmlkitc...@gmail.com wrote:
>
[snip entire quoted message NOTE:
Never fullquote on USENET (quotes the whole message, signature). QUote *only* the parts you are replying to. Otherwise, there is no dialogue; no back and forth.
When replying type your reply, then review the entire message.
> If you're doing ecommerce (even if you're using Paypal), you NEED to use
>
> https. Otherwise your site is NOT secure. It is too easy to intercept
>
What it?
There are a lot of sites that navigate from http (not https) site to paypal.. Are you telling me that this is a security issue? And if not, then where exactly do *you* see the security hole and what do you see being at risk (you wrote "everything" (including the moon?)).
> the data being entered - i.e. someone using a wireless hot spot, on a
>
> cable modem at home or any of a couple of dozen other connections will
>
> easily allow a hacker to get everything he/she wants.
>
Again, what is everything [that the hacker wants]? And how does any hacker get all of these things? Please explain, if you can.
>
>
> And if your site is hacked, the cost of NOT using it is much, much
>
> higher than the cost of using it. If you can't afford it, you can't
>
> afford the site.
>
>
>
> Read M. Strobel's post. And if you're not familiar with creating a
>
"This is a feature that is offered completely functional by the web server. " ...
> secure site, hire someone who is. This is not a job for a beginner.
>
Apparently noone here is qualified or willing to explain this task. I'm sure someone has made a secure site and is capable of reading, understanding, making security assessment and giving technical advise.
>
>
> And BTW - giving a "hidden URL" is no security at all.
>
And that is why I advised the client to not do that, AISB.
--
Garrett
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]