Re: OT: SSL Necessary? Important?
On Thursday 24 Jan 2008, Rick Faircloth wrote: > I think the important thing here is to anything and everything > the client wants as long as they're willing to pay for it, Hell yes :-) -- Tom Chiverton Helping to dynamically strategize plug-and-play e-business on: http://thefalken.livejournal.com This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297558 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: OT: SSL Necessary? Important?
A quote From "O Brother, Where Art Thou?" "This stew's awful good." Wash responds, "You think so? I slaughtered this horse last Tuesday. I'm afraid she's startin' to turn." Just sayin'... ;) On Jan 25, 2008 5:33 PM, James Holmes <[EMAIL PROTECTED]> wrote: > Yes, wildcard certs work fine under Apache too. > > On Jan 26, 2008 2:20 AM, Dave Watts <[EMAIL PROTECTED]> wrote: > > > I'd like to see some proof of this. Is this only with > > > wildcard certs (in which case it would only work for > > > *.domainname.com), or it is for any kind of cert (such that > > > you can have www.example.com and www.example2.com) on the > > > same IP with no SSL problems? > > > > Wildcard certs only. I neglected to mention that in my initial response, > but > > added it in a followup. > > -- > mxAjax / CFAjax docs and other useful articles: > http://www.bifrost.com.au/blog/ > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297504 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: OT: SSL Necessary? Important?
Yes, wildcard certs work fine under Apache too. On Jan 26, 2008 2:20 AM, Dave Watts <[EMAIL PROTECTED]> wrote: > > I'd like to see some proof of this. Is this only with > > wildcard certs (in which case it would only work for > > *.domainname.com), or it is for any kind of cert (such that > > you can have www.example.com and www.example2.com) on the > > same IP with no SSL problems? > > Wildcard certs only. I neglected to mention that in my initial response, but > added it in a followup. -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297489 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
> I'd like to see some proof of this. Is this only with > wildcard certs (in which case it would only work for > *.domainname.com), or it is for any kind of cert (such that > you can have www.example.com and www.example2.com) on the > same IP with no SSL problems? Wildcard certs only. I neglected to mention that in my initial response, but added it in a followup. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297443 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
I'd like to see some proof of this. Is this only with wildcard certs (in which case it would only work for *.domainname.com), or it is for any kind of cert (such that you can have www.example.com and www.example2.com) on the same IP with no SSL problems? Russ > -Original Message- > From: Dave Watts [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 7:09 PM > To: CF-Talk > Subject: RE: OT: SSL Necessary? Important? > > > typically no, because "virtual hosting" relies on host > > headers. The web server doesn't receive the headers until > > after the connection is established. > > This appears to no longer be the case with IIS 6, at least. To be honest, > I'm not exactly sure how this works with IIS 6, but it appears that you > can > have multiple virtual servers sharing the same IP address for SSL/TLS. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297431 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
I'm not in a shared environment. I have my own VPS. > -Original Message- > From: Dave Watts [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 7:47 PM > To: CF-Talk > Subject: RE: OT: SSL Necessary? Important? > > > I've never implemented and SSL cert, so I'm not sure, but I > > thought each SSL had to have a dedicated IP. ??? > > This used to be the case, but isn't any more: > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5 > 96b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true > > However, I'm pretty sure this is limited to wildcard certificates, which > probably isn't too helpful in a shared hosting environment. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297386 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
> I tell clients with "public" web sites that they probably > need a cert from a popular reputable provider in order to > avoid the browser warning. But the thing to remember is that > (in most cases) the warning is saying that "your company" may > not be ok ... Not that the information is unencrypted or less > secure. SSL works the same whether you are using a commercial > cert or a self-signed cert... You data is still encrypted, > it's just that the browser can't "check" with anyone to prove > you are a reputable business. Having said that, the only > thing really required to "prove" you are reputable is that > you shell out to Verisign or someone to say it on your behalf > - so it really is a sort of protection racket. This has nothing to do with whether your business is reputable. It has to do with whether your business is, in fact, the business it identifies itself as. The certificate authority that issues your certificate identifies your business as an ongoing concern, and the owner of the domain in question. So, when users go to that domain, the certificate authority guarantees that you are in fact the legitimate owner of that domain, and that they're actually visiting the domain they typed into the browser. The purpose of SSL/TLS is not just encryption, it's verification. This is no more a protection racket than, say, state-issued drivers licenses. You are free to create your own certificate authority, and convince Microsoft and the Mozilla Foundation to include your own root certificate in their browsers. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297380 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
> I've never implemented and SSL cert, so I'm not sure, but I > thought each SSL had to have a dedicated IP. ??? This used to be the case, but isn't any more: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5 96b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true However, I'm pretty sure this is limited to wildcard certificates, which probably isn't too helpful in a shared hosting environment. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297379 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
> Why would anybody spend more then $20 a year on an SSL cert? > Godaddy's certs are perfectly adequate. unless you have a large enough number of users visiting your site, in which case some of them with older computers won't recognize the certificate as valid because they don't have the appropriate root certificates installed. Here's a good breakdown (in my opinion, of course) of how to determine what sort of certificate to buy: http://www.boutell.com/newfaq/creating/whichcert.html Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297376 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
> typically no, because "virtual hosting" relies on host > headers. The web server doesn't receive the headers until > after the connection is established. This appears to no longer be the case with IIS 6, at least. To be honest, I'm not exactly sure how this works with IIS 6, but it appears that you can have multiple virtual servers sharing the same IP address for SSL/TLS. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297373 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
> You can always generate a "bogus" certificate for free (Like > the default "Snake Oil" cert that is created by Apache). > > You will get the same level of encryption as a digitally signed cert > (i.e: one that costs money) but the browser will complain > about it not being signed or something of that nature I > forgot the details as it was a couple of years ago. Self-signed certificates aren't "bogus", and they are digitally signed. They're signed using the same software used to generate the certificate. These are admittedly small nits to pick, but additional clarity is usually a good thing. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297374 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
Godaddy certs are $20 all the time... I think they're on sale for $15 now or something... Russ > -Original Message- > From: Rick Root [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 5:29 PM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > On 1/24/08, Russ <[EMAIL PROTECTED]> wrote: > > Why would anybody spend more then $20 a year on an SSL cert? Godaddy's > > certs are perfectly adequate. > > That depends if it's an introductory rate or not. I wouldn't buy a > $20 cert if I had to pay $90 to renew it, rather I'd just buy the $25 > certs that I pointed out earlier, since it's not a "sale" > > Rick > > -- > Rick Root > New Brian Vander Ark Album, songs in the music player and cool behind > the scenes video at www.myspace.com/brianvanderark > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297370 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: OT: SSL Necessary? Important?
On 1/24/08, Russ <[EMAIL PROTECTED]> wrote: > Why would anybody spend more then $20 a year on an SSL cert? Godaddy's > certs are perfectly adequate. That depends if it's an introductory rate or not. I wouldn't buy a $20 cert if I had to pay $90 to renew it, rather I'd just buy the $25 certs that I pointed out earlier, since it's not a "sale" Rick -- Rick Root New Brian Vander Ark Album, songs in the music player and cool behind the scenes video at www.myspace.com/brianvanderark ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297361 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
Possibly... but the Scripture also teaches Christians to be wise as serpents... :o) Rick > -Original Message- > From: Claude Schneegans [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 12:45 PM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > >>But the church is also asking about an encrypted connection using an SSL > certificate. > > What a meanness! Don't they have some sort of divine protection already? ;-) > > -- > ___ > REUSE CODE! Use custom tags; > See http://www.contentbox.com/claude/customtags/tagstore.cfm > (Please send any spam to this address: [EMAIL PROTECTED]) > Thanks. > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297352 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
FYI: I have a blog on this topic... http://www.coldfusionmuse.com/index.cfm/2005/12/1/ca I tell clients with "public" web sites that they probably need a cert from a popular reputable provider in order to avoid the browser warning. But the thing to remember is that (in most cases) the warning is saying that "your company" may not be ok ... Not that the information is unencrypted or less secure. SSL works the same whether you are using a commercial cert or a self-signed cert... You data is still encrypted, it's just that the browser can't "check" with anyone to prove you are a reputable business. Having said that, the only thing really required to "prove" you are reputable is that you shell out to Verisign or someone to say it on your behalf - so it really is a sort of protection racket. -Mark -Original Message- From: Rick Root [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 11:17 AM To: CF-Talk Subject: Re: OT: SSL Necessary? Important? On 1/24/08, Tom Chiverton <[EMAIL PROTECTED]> wrote: > On Thursday 24 Jan 2008, James Holmes wrote: > > A dedicated IP is probably necessary with your host, since I assume > > you're sharing an IP right now. > > You can serve multiple different SSL'ed domains from the same IP, can't you ? > Your existing hose may also have a cheaper deal too. typically no, because "virtual hosting" relies on host headers. The web server doesn't receive the headers until after the connection is established. As for self-signing with OpenSSL - it's not a viable option at all unless you're doing it for an intranet or a site with a VERY VERY small base of users (like 2-3 users).. cuz then you can tell the 2-3 users to ignore the certificate warning. But that's STILL a security risk to you and those 2-3 users. I've found this reseller to be reliable and cheap - they've been in business for a long time and they're still there, and still cheap. http://www.spacereg.com/webcert.html the StarterSSL certificate is only $25/year with 96% browser recognition go up to the QuickSSL to get 99% recognition at $80/year... Rick -- Rick Root New Brian Vander Ark Album, songs in the music player and cool behind the scenes video at www.myspace.com/brianvanderark ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297333 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
Generally speaking, many (most?) hosts offer shared Certificates for free. You can get a free cert from http://cert.startcom.org/ I have done this before and it works fine for non e-commerce related stuff. I don't know all the details on what is what with these certificates as I spent one afternoon on it 2 years ago so I could lock down an intranet. You can always generate a "bogus" certificate for free (Like the default "Snake Oil" cert that is created by Apache). You will get the same level of encryption as a digitally signed cert (i.e: one that costs money) but the browser will complain about it not being signed or something of that nature I forgot the details as it was a couple of years ago. Jerry Guido Programmer MGT of America, Inc. [EMAIL PROTECTED] The information contained in this electronic communication is intended only for the use of the addressee, and may be a confidential communication. If you are not the intended recipient, you are hereby notified that you have received this transmittal in error; any review, dissemination, distribution or copying of this transmittal is strictly prohibited. -Original Message- From: J.J. Merrick [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 9:10 AM To: CF-Talk Subject: Re: OT: SSL Necessary? Important? yeah, it really isn't bad. Depending on the host they might have a shared SSL cert you can use. Essentially they just map your site as a folder underneath a larger site. In the end it is like $20 for a low-end cert that will get you the encryption you want/need and a couple of bucks for a static IP a month from their webhost. J.J. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297318 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: OT: SSL Necessary? Important?
Or RapidSSL for $13-15 per year. http://www.namecheap.com/learn/other-services/ssl-certificates.asp I bought a RapidSSL cert for our intranet yesterday and a QuickSSL cert for another site. Beside the domain name in the Subject, they're identical except for the entity listed as the Issuer. It's RapidSSL in one and GeoTrust in the other. That's all you're paying extra for. But RapidSSL is a division of GeoTrust and GeoTrust is now owned by Verisgn. The SSL certificate business is a racket. - Original Message - From: "Rick Root" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Thursday, January 24, 2008 10:16 AM Subject: Re: OT: SSL Necessary? Important? > On 1/24/08, Tom Chiverton <[EMAIL PROTECTED]> wrote: >> On Thursday 24 Jan 2008, James Holmes wrote: >> > A dedicated IP is probably necessary with your host, since I assume >> > you're sharing an IP right now. >> >> You can serve multiple different SSL'ed domains from the same IP, can't >> you ? >> Your existing hose may also have a cheaper deal too. > > typically no, because "virtual hosting" relies on host headers. The > web server doesn't receive the headers until after the connection is > established. > > As for self-signing with OpenSSL - it's not a viable option at all > unless you're doing it for an intranet or a site with a VERY VERY > small base of users (like 2-3 users).. cuz then you can tell the 2-3 > users to ignore the certificate warning. But that's STILL a security > risk to you and those 2-3 users. > > I've found this reseller to be reliable and cheap - they've been in > business for a long time and they're still there, and still cheap. > > http://www.spacereg.com/webcert.html > > the StarterSSL certificate is only $25/year with 96% browser > recognition go up to the QuickSSL to get 99% recognition at > $80/year... > > Rick > > > -- > Rick Root > New Brian Vander Ark Album, songs in the music player and cool behind > the scenes video at www.myspace.com/brianvanderark > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297334 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: OT: SSL Necessary? Important?
>>Of course users may not desire the warning about an untrusted cert and this can be worse than no protection at all. -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297314 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
You can, if you can live with getting cert warnings. For that matter, if your clients don't care about the warning, or are willing to import the self sign key into their local systems, a self signed certificate is just as secure (in terms of protecting data as it passes through the internet) as one you buy for $600. Russ > -Original Message- > From: Tom Chiverton [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 9:37 AM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > On Thursday 24 Jan 2008, James Holmes wrote: > > A dedicated IP is probably necessary with your host, since I assume > > you're sharing an IP right now. > > You can serve multiple different SSL'ed domains from the same IP, can't > you ? > Your existing hose may also have a cheaper deal too. > > -- > Tom Chiverton > Helping to completely fashion clicks-and-mortar developments > on: http://thefalken.livejournal.com > > > > This email is sent for and on behalf of Halliwells LLP. > > Halliwells LLP is a limited liability partnership registered in England > and Wales under registered number OC307980 whose registered office address > is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 > 3EB. A list of members is available for inspection at the registered > office. Any reference to a partner in relation to Halliwells LLP means a > member of Halliwells LLP. Regulated by The Solicitors Regulation > Authority. > > CONFIDENTIALITY > > This email is intended only for the use of the addressee named above and > may be confidential or legally privileged. If you are not the addressee > you must not read it and must not use any information contained in nor > copy it nor inform any person other than Halliwells LLP or the addressee > of its existence or contents. If you have received this email in error > please delete it and notify Halliwells LLP IT Department on 0870 365 2500. > > For more information about Halliwells LLP visit www.halliwells.com. > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297325 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
I think the important thing here is to anything and everything the client wants as long as they're willing to pay for it, so I'm covered in the event of problems. > -Original Message- > From: Tom Chiverton [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 10:17 AM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > On Thursday 24 Jan 2008, J.J. Merrick wrote: > > And on the topic I would say that it probably is overkill but a lot of > > times peoples perception of security makes them happy. > > But most web browser uses can't tell the difference between TLS and non-TLS, > so sometimes you have to ask yourself if it's worth it at all. > Given users hand over their passwords to a stranger for a chocolate bar.. > > -- > Tom Chiverton, it's not been called SSL for a few years now... ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297321 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: OT: SSL Necessary? Important?
>>But the church is also asking about an encrypted connection using an SSL certificate. What a meanness! Don't they have some sort of divine protection already? ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297332 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
Yeah, I agree with that JJ... > -Original Message- > From: J.J. Merrick [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 9:24 AM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > And on the topic I would say that it probably is overkill but a lot of > times peoples perception of security makes them happy. I think it is a > far more worst security risk that someone just downloads the thing and > sells it then for someone to sniff the packets to get a couple of > addresses and phone numbers. > > It's like here in nashville there was a breakin at the election > commission and laptops were stolen with all the voter roles on them... > which meant SS numbers etc. People freaked out and the city ended up > having to pay for credit monitoring services and send out 2 mailed > letters to everyone registered to vote in Davidson County. Probably > not cheap at all. > > Come to find out the laptops were stolen by a homeless guy along with > a space heater and a radio. They recovered the laptops only to > discover they weren't even turned on! > > In the end give the client what they want and if they are willing to > pay a little bit more for a sense of security have at it. > > J.J. > > On 1/24/08, J.J. Merrick <[EMAIL PROTECTED]> wrote: > > yeah, it really isn't bad. Depending on the host they might have a > > shared SSL cert you can use. Essentially they just map your site as a > > folder underneath a larger site. > > > > In the end it is like $20 for a low-end cert that will get you the > > encryption you want/need and a couple of bucks for a static IP a > > month from their webhost. > > > > J.J. > > > > On 1/24/08, Rick Faircloth <[EMAIL PROTECTED]> wrote: > > > What's the total cost, typically? > > > > > > Cost of the SSL Cert, plus a dedicated IP (required, correct?), > > > plus whatever other charges an ISP may charge? > > > > > > Rick > > > > > > > -Original Message- > > > > From: James Holmes [mailto:[EMAIL PROTECTED] > > > > Sent: Thursday, January 24, 2008 1:02 AM > > > > To: CF-Talk > > > > Subject: Re: OT: SSL Necessary? Important? > > > > > > > > On Jan 24, 2008 11:38 AM, Claude Schneegans <[EMAIL PROTECTED]> wrote: > > > > > >>Is the SSL encryption overkill for something like this? > > > > > > > > > > IMHO yes. > > > > > Unless they are willing to pay for more protection, because it is not > > > > > free. > > > > > > > > Unless they use OpenSSL and self-sign, which is free. Of course users > > > > may not desire the warning about an untrusted cert, so it's not > > > > perfect. > > > > > > > > -- > > > > mxAjax / CFAjax docs and other useful articles: > > > > http://www.bifrost.com.au/blog/ > > > > > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297310 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: OT: SSL Necessary? Important?
On 1/24/08, Tom Chiverton <[EMAIL PROTECTED]> wrote: > On Thursday 24 Jan 2008, James Holmes wrote: > > A dedicated IP is probably necessary with your host, since I assume > > you're sharing an IP right now. > > You can serve multiple different SSL'ed domains from the same IP, can't you ? > Your existing hose may also have a cheaper deal too. typically no, because "virtual hosting" relies on host headers. The web server doesn't receive the headers until after the connection is established. As for self-signing with OpenSSL - it's not a viable option at all unless you're doing it for an intranet or a site with a VERY VERY small base of users (like 2-3 users).. cuz then you can tell the 2-3 users to ignore the certificate warning. But that's STILL a security risk to you and those 2-3 users. I've found this reseller to be reliable and cheap - they've been in business for a long time and they're still there, and still cheap. http://www.spacereg.com/webcert.html the StarterSSL certificate is only $25/year with 96% browser recognition go up to the QuickSSL to get 99% recognition at $80/year... Rick -- Rick Root New Brian Vander Ark Album, songs in the music player and cool behind the scenes video at www.myspace.com/brianvanderark ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297327 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: OT: SSL Necessary? Important?
I'm actually their host... I don't normally host sites that I don't develop, but for this one I did. I'm now on a VPS, so I have complete control over the system. And I have 5 IP's to use without extra cost. I need one for another client's SSL, but I can user another for the church's SSL. I'll check with the company that actually hosts my VPS and see if there are any additional charges. I think only one SSL comes with the VPS package. I'll have to verify that, however. Thanks for the feedback. Rick > -Original Message- > From: James Holmes [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 9:04 AM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > For example, digicert certs are $99: > > http://www.digicert.com/ > > A dedicated IP is probably necessary with your host, since I assume > you're sharing an IP right now. > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297313 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
Why would anybody spend more then $20 a year on an SSL cert? Godaddy's certs are perfectly adequate. Russ > -Original Message- > From: James Holmes [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 9:04 AM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > For example, digicert certs are $99: > > http://www.digicert.com/ > > A dedicated IP is probably necessary with your host, since I assume > you're sharing an IP right now. > > On Jan 24, 2008 10:04 PM, Rick Faircloth <[EMAIL PROTECTED]> wrote: > > What's the total cost, typically? > > > > Cost of the SSL Cert, plus a dedicated IP (required, correct?), > > plus whatever other charges an ISP may charge? > > > > Rick > > > > > > > -Original Message- > > > From: James Holmes [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, January 24, 2008 1:02 AM > > > To: CF-Talk > > > Subject: Re: OT: SSL Necessary? Important? > > > > > > On Jan 24, 2008 11:38 AM, Claude Schneegans > <[EMAIL PROTECTED]> wrote: > > > > >>Is the SSL encryption overkill for something like this? > > > > > > > > IMHO yes. > > > > Unless they are willing to pay for more protection, because it is > not free. > > > > > > Unless they use OpenSSL and self-sign, which is free. Of course users > > > may not desire the warning about an untrusted cert, so it's not > > > perfect. > > > > > > -- > > > mxAjax / CFAjax docs and other useful articles: > > > http://www.bifrost.com.au/blog/ > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297322 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
I've never implemented and SSL cert, so I'm not sure, but I thought each SSL had to have a dedicated IP. ??? Rick > -Original Message- > From: Tom Chiverton [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 9:37 AM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > On Thursday 24 Jan 2008, James Holmes wrote: > > A dedicated IP is probably necessary with your host, since I assume > > you're sharing an IP right now. > > You can serve multiple different SSL'ed domains from the same IP, can't you ? > Your existing hose may also have a cheaper deal too. > > -- > Tom Chiverton > Helping to completely fashion clicks-and-mortar developments > on: http://thefalken.livejournal.com ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297315 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: OT: SSL Necessary? Important?
On Thursday 24 Jan 2008, J.J. Merrick wrote: > And on the topic I would say that it probably is overkill but a lot of > times peoples perception of security makes them happy. But most web browser uses can't tell the difference between TLS and non-TLS, so sometimes you have to ask yourself if it's worth it at all. Given users hand over their passwords to a stranger for a chocolate bar.. -- Tom Chiverton, it's not been called SSL for a few years now... This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297303 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: OT: SSL Necessary? Important?
On Thursday 24 Jan 2008, James Holmes wrote: > A dedicated IP is probably necessary with your host, since I assume > you're sharing an IP right now. You can serve multiple different SSL'ed domains from the same IP, can't you ? Your existing hose may also have a cheaper deal too. -- Tom Chiverton Helping to completely fashion clicks-and-mortar developments on: http://thefalken.livejournal.com This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297295 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: OT: SSL Necessary? Important?
yeah, it really isn't bad. Depending on the host they might have a shared SSL cert you can use. Essentially they just map your site as a folder underneath a larger site. In the end it is like $20 for a low-end cert that will get you the encryption you want/need and a couple of bucks for a static IP a month from their webhost. J.J. On 1/24/08, Rick Faircloth <[EMAIL PROTECTED]> wrote: > What's the total cost, typically? > > Cost of the SSL Cert, plus a dedicated IP (required, correct?), > plus whatever other charges an ISP may charge? > > Rick > > > -Original Message- > > From: James Holmes [mailto:[EMAIL PROTECTED] > > Sent: Thursday, January 24, 2008 1:02 AM > > To: CF-Talk > > Subject: Re: OT: SSL Necessary? Important? > > > > On Jan 24, 2008 11:38 AM, Claude Schneegans <[EMAIL PROTECTED]> wrote: > > > >>Is the SSL encryption overkill for something like this? > > > > > > IMHO yes. > > > Unless they are willing to pay for more protection, because it is not > > > free. > > > > Unless they use OpenSSL and self-sign, which is free. Of course users > > may not desire the warning about an untrusted cert, so it's not > > perfect. > > > > -- > > mxAjax / CFAjax docs and other useful articles: > > http://www.bifrost.com.au/blog/ > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297289 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: OT: SSL Necessary? Important?
And on the topic I would say that it probably is overkill but a lot of times peoples perception of security makes them happy. I think it is a far more worst security risk that someone just downloads the thing and sells it then for someone to sniff the packets to get a couple of addresses and phone numbers. It's like here in nashville there was a breakin at the election commission and laptops were stolen with all the voter roles on them... which meant SS numbers etc. People freaked out and the city ended up having to pay for credit monitoring services and send out 2 mailed letters to everyone registered to vote in Davidson County. Probably not cheap at all. Come to find out the laptops were stolen by a homeless guy along with a space heater and a radio. They recovered the laptops only to discover they weren't even turned on! In the end give the client what they want and if they are willing to pay a little bit more for a sense of security have at it. J.J. On 1/24/08, J.J. Merrick <[EMAIL PROTECTED]> wrote: > yeah, it really isn't bad. Depending on the host they might have a > shared SSL cert you can use. Essentially they just map your site as a > folder underneath a larger site. > > In the end it is like $20 for a low-end cert that will get you the > encryption you want/need and a couple of bucks for a static IP a > month from their webhost. > > J.J. > > On 1/24/08, Rick Faircloth <[EMAIL PROTECTED]> wrote: > > What's the total cost, typically? > > > > Cost of the SSL Cert, plus a dedicated IP (required, correct?), > > plus whatever other charges an ISP may charge? > > > > Rick > > > > > -Original Message- > > > From: James Holmes [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, January 24, 2008 1:02 AM > > > To: CF-Talk > > > Subject: Re: OT: SSL Necessary? Important? > > > > > > On Jan 24, 2008 11:38 AM, Claude Schneegans <[EMAIL PROTECTED]> wrote: > > > > >>Is the SSL encryption overkill for something like this? > > > > > > > > IMHO yes. > > > > Unless they are willing to pay for more protection, because it is not > > > > free. > > > > > > Unless they use OpenSSL and self-sign, which is free. Of course users > > > may not desire the warning about an untrusted cert, so it's not > > > perfect. > > > > > > -- > > > mxAjax / CFAjax docs and other useful articles: > > > http://www.bifrost.com.au/blog/ > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297292 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: OT: SSL Necessary? Important?
For example, digicert certs are $99: http://www.digicert.com/ A dedicated IP is probably necessary with your host, since I assume you're sharing an IP right now. On Jan 24, 2008 10:04 PM, Rick Faircloth <[EMAIL PROTECTED]> wrote: > What's the total cost, typically? > > Cost of the SSL Cert, plus a dedicated IP (required, correct?), > plus whatever other charges an ISP may charge? > > Rick > > > > -Original Message- > > From: James Holmes [mailto:[EMAIL PROTECTED] > > Sent: Thursday, January 24, 2008 1:02 AM > > To: CF-Talk > > Subject: Re: OT: SSL Necessary? Important? > > > > On Jan 24, 2008 11:38 AM, Claude Schneegans <[EMAIL PROTECTED]> wrote: > > > >>Is the SSL encryption overkill for something like this? > > > > > > IMHO yes. > > > Unless they are willing to pay for more protection, because it is not > > > free. > > > > Unless they use OpenSSL and self-sign, which is free. Of course users > > may not desire the warning about an untrusted cert, so it's not > > perfect. > > > > -- > > mxAjax / CFAjax docs and other useful articles: > > http://www.bifrost.com.au/blog/ > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297288 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: OT: SSL Necessary? Important?
What's the total cost, typically? Cost of the SSL Cert, plus a dedicated IP (required, correct?), plus whatever other charges an ISP may charge? Rick > -Original Message- > From: James Holmes [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 1:02 AM > To: CF-Talk > Subject: Re: OT: SSL Necessary? Important? > > On Jan 24, 2008 11:38 AM, Claude Schneegans <[EMAIL PROTECTED]> wrote: > > >>Is the SSL encryption overkill for something like this? > > > > IMHO yes. > > Unless they are willing to pay for more protection, because it is not free. > > Unless they use OpenSSL and self-sign, which is free. Of course users > may not desire the warning about an untrusted cert, so it's not > perfect. > > -- > mxAjax / CFAjax docs and other useful articles: > http://www.bifrost.com.au/blog/ > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297284 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: OT: SSL Necessary? Important?
On Jan 24, 2008 11:38 AM, Claude Schneegans <[EMAIL PROTECTED]> wrote: > >>Is the SSL encryption overkill for something like this? > > IMHO yes. > Unless they are willing to pay for more protection, because it is not free. Unless they use OpenSSL and self-sign, which is free. Of course users may not desire the warning about an untrusted cert, so it's not perfect. -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297268 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: OT: SSL Necessary? Important?
>>Is the SSL encryption overkill for something like this? IMHO yes. Unless they are willing to pay for more protection, because it is not free. -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297252 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
OT: SSL Necessary? Important?
Hi, all. Pardon a quick OT question (or two). I have a client (church) that wants to have a directory that is accessible to the membership, but not the general public. Access will be controlled by password/username login. But the church is also asking about an encrypted connection using an SSL certificate. Is the SSL encryption overkill for something like this? Or would it be advisable? How big a security risk is there for personal info like this? Is it easy to hack without SSL? Thanks for any feedback. Rick ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297241 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4