>>>>> "Raj" == Raj Shekhar <[EMAIL PROTECTED]> writes:

    Raj> in infinite wisdom Sumit Malhotra spoke thus On 09/23/2005
    Raj> 10:27 AM:
    >> The SSL provides two layers of security: 1. SSL layer for
    >> encryption
    >> 
    >> A warning message for a wrong certificate *generally* indicates:
    >> a. The server you are connecting to has the wrong certificate
    >>    installed, OR
    >> b. A man-in-the-middle attack is in progress.
    >> 
    >> Hence, the purpose of saving yourself from getting sniffed
    >> will be void.

    Raj> Yes, I agree.  However, if the data passing on the network is
    Raj> quite sensitive, then you are better off putting the vhosts
    Raj> on different IPs and generating an SSL certificate for each.
    Raj> If, however, you want to have a quick hack to prevent the
    Raj> script kiddies from snooping your passwords (when using
    Raj> phpmyadmin or a cms running on http), then you can use the
    Raj> above method.  It is not foolproof - please see the article I
    Raj> pointed out.  The author notes that

    Raj> " When you run multiple SSL sites from a single certificate,
    Raj> you have the same level of encryption that you would have on
    Raj> any "correctly configured" SSL site. However, you completely
    Raj> forfeit any authentication ordinarily offered by SSL.  "

When do you need validation and verification?  Usually when you're
doing e-commerce on the SSL site and want the user to feel secure that
s/he is connecting to the right place and giving his/her CC number.

Encryption, OTOH, is much more prevalent and ensures that your data is
protected in transit.  Useful if you're filling confidential
information into web forms, etc., which many of us do on a daily
basis.  The method suggested (allowing encryption without
verification) is a good way to achieve the latter.  If you're, e.g.,
accepting CC numbers you would have paid for an extra IP and a
(useless IMO) global certificate anyway :)

BTW, I think you can get around the mismatch warning problem by
running your SSL VHOSTS on separate ports.  Can anyone confirm/deny
this?

Regards,

-- Raju
-- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

Event: Freedel 2005, 17th & 18th September, 2005 - http://freedel.in
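
The separate-ports layout asked about above, sketched as an Apache mod_ssl configuration. This is an added example, not part of the original message; the hostnames, ports other than 443, and file paths are hypothetical placeholders.

```apache
# Added example: hypothetical hostnames and file paths.
# One IP address, two SSL vhosts told apart by port instead of by Host header.
Listen 443
Listen 8443

# The server has to pick a certificate before it can read the Host header,
# because the header only arrives inside the encrypted session. The
# destination port, however, is known as soon as the TCP connection opens,
# so a port-based vhost can present its own certificate.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/example.org
    SSLEngine on
    # Certificate whose subject name is www.example.org
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
</VirtualHost>

<VirtualHost *:8443>
    ServerName admin.example.net
    DocumentRoot /var/www/admin.example.net
    SSLEngine on
    # Certificate whose subject name is admin.example.net
    SSLCertificateFile    /etc/ssl/certs/admin.example.net.crt
    SSLCertificateKeyFile /etc/ssl/private/admin.example.net.key
</VirtualHost>
```

The browser compares the certificate's name with the hostname in the URL and ignores the port, so https://admin.example.net:8443/ raises no name-mismatch warning as long as each certificate matches its own ServerName. The cost is that users must type the non-default port, and self-signed certificates still trigger an untrusted-issuer warning.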