Re: Digest Authentication [message #179937 is a reply to message #179924] |
Thu, 20 December 2012 04:59 |
dhtmlkitchen
On Wednesday, December 19, 2012 12:02:21 PM UTC-8, Jerry Stuckle wrote:
> On 12/19/2012 12:40 PM, dhtmlkitchen(at)gmail(dot)com wrote:
>> On Tuesday, December 18, 2012 6:08:59 PM UTC-8, Jerry Stuckle wrote:
>>> On 12/18/2012 8:55 PM, xkit wrote:
>>>> On Dec 13, 8:15 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>>>> > On 12/13/2012 7:49 PM, dhtmlkitc...@gmail.com wrote:
>>
>> [snip entire quoted message NOTE:
>> Never fullquote on USENET (quotes the whole message, signature). Quote *only* the parts you are replying to. Otherwise, there is no dialogue; no back and forth.
>>
>> When replying type your reply, then review the entire message.
>
> I will quote what I feel is appropriate. In this case, it was ALL
> appropriate.
>
>>> If you're doing ecommerce (even if you're using Paypal), you NEED to use
>>> https. Otherwise your site is NOT secure. It is too easy to intercept
>>
>> What it?
>>
>> There are a lot of sites that navigate from http (not https) site to paypal. Are you telling me that this is a security issue? And if not, then where exactly do *you* see the security hole and what do you see being at risk (you wrote "everything" (including the moon?)).
>
> It's not just PayPal involved in your site security. Oh, but I forgot.
> You didn't want me to quote the appropriate text.
>
>>> the data being entered - i.e. someone using a wireless hot spot, on a
>>> cable modem at home or any of a couple of dozen other connections will
>>> easily allow a hacker to get everything he/she wants.
>>
>> Again, what is everything [that the hacker wants]? And how does any hacker get all of these things? Please explain, if you can.
>
> Exactly what I said. But I'm not going to even try to explain basic
> Internet security to someone who obviously has no clue.

Uh huh. So when asked to explain your dubious statements, you superciliously declined.
You're not making a very good impression so far :-(.

>>> And if your site is hacked, the cost of NOT using it is much, much
>>> higher than the cost of using it. If you can't afford it, you can't
>>> afford the site.
>>>
>>> Read M. Strobel's post. And if you're not familiar with creating a
>>
>> "This is a feature that is offered completely functional by the web server. " ...
>
> That doesn't mean it is secure. And in this case, it definitely IS NOT.

Whatever you mean by *it* is not specifically clear.

>>> secure site, hire someone who is. This is not a job for a beginner.

Haughtily having a hard time explaining yourself?

>> Apparently no one here is qualified or willing to explain this task. I'm sure someone has made a secure site and is capable of reading, understanding, making security assessment and giving technical advice.
>
> Yes, I'm qualified to explain it.

Yep, you've sure made clear your ability to explain things.

> But I'm not even going to try in a
> newsgroup post. It's way too big.

That sounds like something you'd say.

>>> And BTW - giving a "hidden URL" is no security at all.
>>
>> And that is why I advised the client to not do that, AISB.
>
> At least that's a start. But again - I suggest you get someone who
> UNDERSTANDS security.

Better yet, someone who can explain what he claims to understand.

> It's much more than cutting and pasting some code
> you found on a web site (even if it is php.net). You obviously don't,
> and it's way too important.
>
> And once again, it's way too complicated to even try to begin to explain
> over usenet. Understanding real security takes a LOT of time and learning.

I see. Sorry you're having such a hard time explaining yourself!

> That's why you haven't gotten more detailed answers here.
>
> And BTW - I build secure sites all the time. They ALL include https -
> but NONE of them include web server authentication. It's barely ok for
> low security sites, but not ecommerce.

Concluding with a vague generalization. I get you.
--
Garrett