On Wed, Sep 25, 2013 at 1:55 PM, Tedd Sperling wrote:
> Hi gang:
>
> I have a client who had his entire site moved to another host -- no big
> problem.
>
> However, the old site had a https directory, where I had secure scripts to do
> credit-card transactions, but the new site doesn't have a ht
On Sep 25, 2013, at 2:24 PM, Tedd Sperling wrote:
>
> I understand that cc processing should be done via https.
>
> Normally, that means to me that I place my $ scripts in a https directory --
> the problem is that I don't have one with this host.
>
> So, I am asking how does one do that with
On Sep 25, 2013, at 1:58 PM, Joshua Kehn wrote:
> On Sep 25, 2013, at 1:55 PM, Tedd Sperling wrote:
>
>> Hi gang:
>>
>> I have a client who had his entire site moved to another host -- no big
>> problem.
>>
>> However, the old site had a https directory, where I had secure scripts to
>> do
On Sep 25, 2013, at 1:55 PM, Tedd Sperling wrote:
> Hi gang:
>
> I have a client who had his entire site moved to another host -- no big
> problem.
>
> However, the old site had a https directory, where I had secure scripts to do
> credit-card transactions, but the new site doesn't have a htt
Thank you
On May 31, 2011, at 12:34 AM, Negin Nickparsa wrote:
I need to create a login page with HTTPS to yahoo
Do I have to have a valid certificate?
I have not trust certification centre, so before anything under
HTTPS will
be shown up, the window will come with information: valid
certificate: y
yahoo don't have ssl enabled on all their content it seems.
http://privacy.yahoo.com/privacy/us/security/details.html
~viraj
On Tue, May 31, 2011 at 11:11 AM, Negin Nickparsa wrote:
> it is the output:
> http://www.yahoo.com/?s=https
>
> can i force it to show me
> https://www.yahoo.com
>
> ?
it is the output:
http://www.yahoo.com/?s=https
can i force it to show me
https://www.yahoo.com
?
I need to create a login page with HTTPS to yahoo
Do I have to have a valid certificate?
I have not trust certification centre, so before anything under HTTPS will
be shown up, the window will come with information: valid certificate: yes,
valid domain: yes, valid authority for SSL key: no.
am I
Negin,
That is pretty vague.
More details please
Richard L. Buskirk
Senior Software Engineer/Systems Administrator
You can't grow your business with systems that are on life support...
-Original Message-
From: Negin Nickparsa [mailto:nickpa...@gmail.com]
Sent: Monday, May 3
Jordan,
Do you have a shared hosting? i.e. you must have hosted your site/page on
some server.
Most of the hosting server these days provide you with the feature of
installing SSL certificate.
So what you need is-
Buy a SSL certificate from a vendor. There are so many of them available
these da
Jordan,
Bostjan hit the main points, but if you're trying to run a secure
server, you probably ought to know more about it than you do now.
It's pretty easy to arrange a secure connection that isn't actually
secure if you don't know what you're doing. I'd recommend a good
Apache book -- I have
You should look up something like "openssl how to create self signed
certificate" on google. Once cert is created, you should look up "apache ssl
howto". The rest is just following instructions intelligently. Or use a
consulting company.
b.
PS: This has nothing to do with PHP, in case you haven't
On Sun, 2010-08-01 at 13:29 +0200, Jordan Jovanov wrote:
> Hello
>
> I have one web page with hhtp protocol, but i need to change in https.
> Do you somebody know does is easy and can i do?
> Does need to write some php scripts or anything.
>
> Thanks a lot.
>
You need to set up a security ce
PJ wrote:
Don't forget, you have to have a certificate, real or dummy for this to
work. :-)
Note that Firefox makes things difficult for non tech users with self
signed certs, so for a live site open to the public, you really do want
to spend the dough on a certificate from an authority.
Shanon Swafford wrote:
>> -Original Message-
>> From: PJ [mailto:af.gour...@videotron.ca]
>> Sent: Thursday, June 04, 2009 3:59 PM
>> To: php-general@lists.php.net
>> Subject: [PHP] https setup
>>
>> Can't find anything on G or web - but I probably didn't try hard enough.
>> I am unable to
Per Jessen wrote:
> PJ wrote:
>
>
>> Can't find anything on G or web - but I probably didn't try hard
>> enough.
>>
>
> Correct :-)
>
>
>> I am unable to set my virtual hosts to handle https.
>> I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
>> files are set up
Michael A. Peters wrote:
> PJ wrote:
>> Can't find anything on G or web - but I probably didn't try hard enough.
>> I am unable to set my virtual hosts to handle https.
>> I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
>> files are set up "correctly" but directing a sensitiv
PJ wrote:
Can't find anything on G or web - but I probably didn't try hard enough.
I am unable to set my virtual hosts to handle https.
I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
files are set up "correctly" but directing a sensitive user information
page to an HTTPS p
PJ wrote:
> Can't find anything on G or web - but I probably didn't try hard
> enough.
Correct :-)
> I am unable to set my virtual hosts to handle https.
> I have apache22, mod_ssl, opnenssl and the httpd and httpd-vhosts.conf
> files are set up "correctly" but directing a sensitive user
> inf
You are right - Decline the job, you don't want any credit-card stealing on
your head
On Wed, Apr 15, 2009 at 1:10 PM, Richard Heyes wrote:
> Hi,
>
> > To add to what others have said: CC processors with which I have worked
> will
> > audit your site *before* certifying your site to accept CC in
Hi,
> To add to what others have said: CC processors with which I have worked will
> audit your site *before* certifying your site to accept CC information. In
> other words, if you don't do SSL, you won't be *allowed* to process cards.
FWIW, companies exist that will host your "buy" page(s), so
On Apr 13, 2009, at 10:19 PM, Skip Evans wrote:
But doesn't also the form need to be secure since you're sending CC
information from that form back to the web site's server?
That's what I've always assumed.
I need some opinions on this, and if I'm right I think the client
will defer to a f
Sounds like your client wants to end up listed in a Terminated Merchant File.
On Mon, Apr 13, 2009 at 11:19 PM, Skip Evans wrote:
> Hey all,
>
> I've always put any forms that collect credit card information behind a
> secure connection, https, figuring that sending that information from the
> c
On Mon, Apr 13, 2009 at 11:19 PM, Skip Evans wrote:
> Hey all,
>
> I've always put any forms that collect credit card information behind a
> secure connection, https, figuring that sending that information from the
> client browser to the server should be secure, but I'm having convincing a
> clie
Hi,
> I've always put any forms that collect credit card information behind a
> secure connection, https, figuring that sending that information from the
> client browser to the server should be secure, but I'm having convincing a
> client that it is necessary.
>
> He instead insists that only the
On Mon, Apr 13, 2009 at 10:19:34PM -0500, Skip Evans wrote:
> Hey all,
>
> I've always put any forms that collect credit card information
> behind a secure connection, https, figuring that sending that
> information from the client browser to the server should be
> secure, but I'm having convincin
Robert Cummings wrote:
On Fri, 2008-02-15 at 15:05 -0500, Robert Cummings wrote:
On Fri, 2008-02-15 at 14:58 -0500, nihilism machine wrote:
why isnt this redirecting my page to https://www.mydomain.com instead
the page stays at my domain.com
checkHTTPS();
$this->checkWWW();
On Fri, 2008-02-15 at 15:05 -0500, Robert Cummings wrote:
> On Fri, 2008-02-15 at 14:58 -0500, nihilism machine wrote:
> > why isnt this redirecting my page to https://www.mydomain.com instead
> > the page stays at my domain.com
> > >
> > class URL {
> >
> > // Public Variables
> > pu
On Fri, 2008-02-15 at 14:58 -0500, nihilism machine wrote:
> why isnt this redirecting my page to https://www.mydomain.com instead
> the page stays at my domain.com
>
> class URL {
>
> // Public Variables
> public $HTTPS;
> public $ServerName;
> public $WWW;
>
>
On Mon, January 29, 2007 12:30 am, chetan rane wrote:
> i am writing a progrram for a Jabber COnnection manager. I want to
> access
> the client XML using HTTPS. do any one know a way to so it
http://php.net/curl
will get you through the S part of HTTPS nice and easy.
Mucking with the XML, you ha
http://php.net/curl
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
-Original Message-
From: chetan rane [mailto:[EMAIL PROTECTED]
Sent: Monday, January 29, 2007 8:31 AM
To: php-general@lists.php.n
[snip]
> soapclient('https://webservices.netsuite.com/wsdl/v1_3_1/netsuite.wsdl');
The 's' in 'https' should be all that nuSOAP would need to know that
it should use SSL, if nuSOAP can do that.
[/snip]
Correct. NuSOAP do detect automatically, and if CURL is configured it will
work.
[snip]
> 'ro
[snip]
>
> 'account'=>'theaccountnumber',
>
> 'role internalId="theinternalid"'=>''));
Does that work to set the attribute?
[/snip]
You are correct, that does NOT work. I found out to use soapval instead.
Thank you!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http:
On Wed, March 22, 2006 1:41 am, Peter Lauri wrote:
> I am trying to use a Web Service on the following endpoint
> https://webservices.netsuite.com/wsdl/v1_3_1/netsuite.wsdl. As seen in
> the
> url, it is under HTTPS. I have compiled PHP with CURL and verified
> that CURL
> is working. In the docume
I am trying to use a Web Service on the following endpoint
https://webservices.netsuite.com/wsdl/v1_3_1/netsuite.wsdl. As seen in the
url, it is under HTTPS. I have compiled PHP with CURL and verified that CURL
is working. In the documentation for NuSOAP I can not find how I set the
soapclient to
On Thu, 2004-10-28 at 11:01 -0500, Afan Pasalic wrote:
> Hi Robby,
> Yes, I looked at SERVER_PORT/SERVER_PROTOCOL. What I got is 80 and
> HTTP/1.1 when I manually change http:// to https:// I'm getting 443 and
> HTTP/1.1
>
> I am not so good in this: you want to say that SSL use 443 port
>
Well, didn't know that one.
Thanks Greg, didn't know that one :)
Today is successful day - learned something new :)
-afan
Greg Donald wrote:
On Thu, 28 Oct 2004 11:01:53 -0500, Afan Pasalic <[EMAIL PROTECTED]> wrote:
I am not so good in this: you want to say that SSL use 443 port
Yup.
--
PHP
OTECTED]
Sent: Wednesday, October 27, 2004 3:01 PM
To: php-general
Subject: Re: [PHP] https://...
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic <[EMAIL PROTECTED]> wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show
ober
27, 2004 3:01 PM
To: php-general
Subject: Re: [PHP] https://...
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic <[EMAIL PROTECTED]> wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show http://
phpinfo() describe
that's why I use it, sure.
but can't find anything that helps me.
Greg Donald wrote:
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic <[EMAIL PROTECTED]> wrote:
hi,
how can I check using php that I use SSL?
tried with
REQUEST_URI
HTTP_HOST
PATH_INFO
but any of these does show http://
phpinfo() des
On Thu, 28 Oct 2004 11:01:53 -0500, Afan Pasalic <[EMAIL PROTECTED]> wrote:
> I am not so good in this: you want to say that SSL use 443 port
Yup.
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To uns
Hi Robby,
Yes, I looked at SERVER_PORT/SERVER_PROTOCOL. What I got is 80 and
HTTP/1.1 when I manually change http:// to https:// I'm getting 443 and
HTTP/1.1
I am not so good in this: you want to say that SSL use 443 port
-afan
Robby Russell wrote:
On Wed, 2004-10-27 at 16:35 -0500, Afan Pas
oded
full urls for images, the browser will usually complain if the page is
accessed via https and the image via http.
Warren Vail
-Original Message-
From: Greg Donald [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 3:01 PM
To: php-general
Subject: Re: [PHP] https://...
On Wed, 27
ing https? Another example is, if you have coded
full urls for images, the browser will usually complain if the page is
accessed via https and the image via http.
Warren Vail
-Original Message-
From: Greg Donald [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 3:01 PM
To: php-gen
--
From: Greg Donald [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 3:01 PM
To: php-general
Subject: Re: [PHP] https://...
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic <[EMAIL PROTECTED]> wrote:
> hi,
> how can I check using php that I use SSL?
> tried with
> REQUEST
On Wed, 27 Oct 2004 16:35:14 -0500, Afan Pasalic <[EMAIL PROTECTED]> wrote:
> hi,
> how can I check using php that I use SSL?
> tried with
> REQUEST_URI
> HTTP_HOST
> PATH_INFO
> but any of these does show http://
phpinfo() describes my SSL stuff pretty well if that's what you mean.
And I also fo
On Wed, 2004-10-27 at 16:35 -0500, Afan Pasalic wrote:
> hi,
> how can I check using php that I use SSL?
> tried with
> REQUEST_URI
> HTTP_HOST
> PATH_INFO
> but any of these does show http://
>
> Thanks!
>
> -afan
>
Have you looked at $_SERVER['SERVER_PORT'] and
$_SERVER['SERVER_PROTOCOL']
?
* Thus wrote Michael R. Wayne ([EMAIL PROTECTED]):
> On Fri, Apr 30, 2004 at 08:52:37PM +, Curt Zirzow wrote:
> >
> > session.cookie_path
> > session.cookie_domain
> > session.cookie_secure
>
> session.cookie_path /
> session.cookie_secure Off
> session.cookie_domain no value
>
> But we ne
On Fri, Apr 30, 2004 at 08:52:37PM +, Curt Zirzow wrote:
>
> session.cookie_path
> session.cookie_domain
> session.cookie_secure
session.cookie_path /
session.cookie_secure Off
session.cookie_domain no value
But we never use cookies:
session.use_cookies Off
/\/\ \/\/
--
PHP Ge
* Thus wrote Michael R. Wayne ([EMAIL PROTECTED]):
>
> Upgraded our PHP installation from 4.1.2 to 4.3.4, scripts that
> worked fine before are no longer doing so. The failure can be
> traced to the fact that sessions are never being reused (i.e. a new
> session gets started with each connection)
* Thus wrote Rosen ([EMAIL PROTECTED]):
> I.e. if I use _SERVER["SERVER_PORT"] = 443 - for https connection and 80
> for "normal" - i'll be able to determite if user is in https mode - I think
> thath should be works . ?
There is no guarantee that port 443 == https and 80 == http.
Curt
--
"My
On Sun, Oct 12, 2003 at 08:52:30PM +1000, Tom Rogers wrote:
: Sunday, October 12, 2003, 8:46:41 PM, Eugene wrote:
: EL> On Sun, Oct 12, 2003 at 01:24:40PM +0200, Rosen wrote:
: EL> :
: EL> : I.e. if I use _SERVER["SERVER_PORT"] = 443 - for https connection
: EL> : and 80 for "normal" - i'll be a
On Sun, Oct 12, 2003 at 01:24:40PM +0200, Rosen wrote:
:
: I.e. if I use _SERVER["SERVER_PORT"] = 443 - for https connection and 80
: for "normal" - i'll be able to determite if user is in https mode - I think
: thath should be works . ?
Technically, you can't guarantee that anything running ov
On Sun, Oct 12, 2003 at 01:09:15PM +0200, Rosen wrote:
:
: Is there a way to determite with PHP thath site visitor is in https (SSL)
: mode or in normal mode ?
Check for the existence of $_SERVER['HTTPS'] which gets set only on SSL
pages. I wonder why it's still not mentioned in the official doc
I.e. if I use _SERVER["SERVER_PORT"] = 443 - for https connection and 80
for "normal" - i'll be able to determite if user is in https mode - I think
thath should be works . ?
Thanks,
Rosen
"Tom Rogers" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> Sunday, October 12
Hi,
Sunday, October 12, 2003, 9:09:15 PM, you wrote:
R> Hi,
R> Is there a way to determite with PHP thath site visitor is in https (SSL)
R> mode or in normal mode ?
R> Thanks,
R> Rosen
put phpinfo(32); at the top of the page and that should show what is available
with an ssl connection if you m
|-Original Message-
|From: PHP List [mailto:[EMAIL PROTECTED]
|Sent: Tuesday, July 15, 2003 1:02 PM
|To: [EMAIL PROTECTED]
|Subject: [PHP] HTTPS POST without user/client intervention
|
|I am writing a php script to accept an HTTPS POST of data from a remote
|site, process the data, and send
I think what you are looking for is socket connections:
http://www.php.net/manual/en/function.fsockopen.php
Or CURL
http://www.php.net/manual/en/ref.curl.php
-Original Message-
From: PHP List [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 1:02 PM
To: [EMAIL PROTECTED]
Subject:
--- PHP List <[EMAIL PROTECTED]> wrote:
> > As for sending a POST request to a remote site via SSL, just check
> > out cURL, which also has a convenient PEAR package.
>
> This is what I am trying to do...and thanks for point out cURL...I will
> check it out.
In that case, you should find this hel
On Tue, 2003-07-15 at 15:12, Chris Shiflett wrote:
> --- PHP List <[EMAIL PROTECTED]> wrote:
> > I am writing a php script to accept an HTTPS POST of data from a
> > remote site, process the data, and send an HTTPS POST response back
> > (not necessarily to the same remote site).
>
> Can you perha
--- PHP List <[EMAIL PROTECTED]> wrote:
> I am writing a php script to accept an HTTPS POST of data from a
> remote site, process the data, and send an HTTPS POST response back
> (not necessarily to the same remote site).
Can you perhaps rephrase what you are trying to do? The way I interpret what
Hey Folks:
Speaking of identity theft, here's a fun story. Involves a Hollywood
Video store. HV is a large chain of video rental stores.
http://www.nydailynews.com/2002-07-09/News_and_Views/Crime_File/a-156851.asp
--Dan
--
PHP classes that make web design easier
SQL
x27;s online site gets hacked, and you hear
about it because it could be detected.
- Theo
P.S.: Shopping carts 'too boring'?! Of course they're boring!
-Original Message-----
From: Richard Lynch [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 08, 2002 4:33 PM
To: [EM
On Mon, 8 Jul 2002, Analysis & Solutions wrote:
> Allow me to emphasize Richard's point about not trusting certificate
> authorities. I have an SSL certificate. It was fairly simple to get,
> despite several discrepancies in my documentation.
>
> While it made things easier for me, which I'm
Folks:
Allow me to emphasize Richard's point about not trusting certificate
authorities. I have an SSL certificate. It was fairly simple to get,
despite several discrepancies in my documentation.
While it made things easier for me, which I'm thankful for. Fortunately,
I'm a legitimate opera
>>>How do you know their certificate hasn't been stolen, and they haven't even
>figured it out yet? How do you know they were trustworthy people in the
>first place?<<
>
>Why do you ASSUME that they're NOT trustworthy people? Do you go through
>your entire life in that shell?
Everybody gets a
On Mon, 8 Jul 2002, Brinkman, Theodore wrote:
> Think about it for a moment. E-commerce involving properly signed sites is,
> at the very least, more secure than handing your credit card to a waiter in
> a restauraunt. The waiter can walk off with your card, and come back 2
> minutes later with
n the name,
cc number and expiration date for later use.
- Theo
-Original Message-
From: B.C. Lance [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 07, 2002 12:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] HTTPS vs. HTTP ? - the weakest link
sorry to barge in. but the weakest link
>>How do you know their certificate hasn't been stolen, and they haven't even
figured it out yet? How do you know they were trustworthy people in the
first place?<<
Why do you ASSUME that they're NOT trustworthy people? Do you go through your entire
life in that shell?
>>The more I think abou
Chris Shiflett wrote:
>
> I think I'm going to compile all of my SSL explanations into a more
> clear and informative explanation and post it on the Web somewhere.
Yes please.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
ðÒÉ×ÅÔ!
This is for Chris and Miguel and all the people who threw in infos.
I just wanted to thank you all :) It's been really useful, and yes
Chris, I guess you should post an explanation of the process somewhere.
Most of us are prepared to use HTTPS but we can hardly explain our
customers (
Miguel Cruz wrote:
>Nobody thinks they're checking whether or not goodguys.com are good guys.
>It is your job as a consumer to research them. Once you have researched
>them and decided to do business with them, the certificate authority gives
>you a pretty solid basis for believing that you ac
Alberto Serra wrote:
>> However, it is adequate to know that one key is used to do the
>> encrypting, while the other is used for the decrypting. These are
>> generally referred to as public and private keys, because one is made
>> available to the public while the other is kept safely stored
On Mon, 8 Jul 2002, Alberto Serra wrote:
> Chris Shiflett wrote:
>> Of course, as users of Web browsers such as Netscape and Internet
>> Explorer, we have to trust AOL/Time Warner and Microsoft, respectively,
>> (yeah, scary thought) to only trust CAs that have high integrity,
>> security, etc.
ðÒÉ×ÅÔ!
>> Chris Shiflett wrote:
> it is very misleading and would indicate that I
> have very little knowledge about PKI systems,
Come on, nobody here would ever think of that. Especially since most of
us (put me as first one in the list) should know much more about PKI
ourselves before jud
Personally, I think the concept of NEEDING https is a bit rediculous.
Generally, trying to get through the front door, would be the same as
trying to get through a concrete wall with a baseball bat...
Now, finding a back door, and getting at THEIR database is the REAL key.
people don't generally
on 08/07/02 10:48 AM, Mark Charette ([EMAIL PROTECTED]) wrote:
> Or, even easier and "no tech", I get a low-paying job in some convenience
> store, and make copies of the credit card receipts.
>
> Game Over.
>
> Using a credit card anywhere involves trust. Period. End of story.
Couldn't agree
I think I'm going to forget trying to explain the technical details,
because somehow this conversation is completely missing the point now. :)
SSL allows you to be sure that your credit card number is getting safely
and securely to the Web site identified by a certain domain name. That's
all i
Or, even easier and "no tech", I get a low-paying job in some convenience
store, and make copies of the credit card receipts.
Game Over.
Using a credit card anywhere involves trust. Period. End of story.
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]]
How about an eve
>In public key cryptography, it is the *keys*, not the digital
>certificate that encrypt/decrypt the communication.
Okay.
I break into his co-lo, I walk off with his computer, and I break into his
office, I walk off with his computers, I kill the guy, and I kidnap his
wife.
I have everything.
On Sat, 6 Jul 2002, Richard Lynch wrote:
> I think we both agree that any old certificate is secure from snooping,
> right?
I would disagree with that.
In order to snoop on a connection, you need to have some access to the
link.
This may be by being in the same building with one of the endpoin
I just explained this all in great detail, so please read that. I don't
just think you are confused; I am positive you are.
However, I did notice that you are the same person who gives many good
answers to other peoples' questions. This giving of your time to be
helpful is commendable, and I a
sorry to barge in. but the weakest link ain't in ssl. doesn't really
matter how secure vs insecure it is. you can come up with the most
secure technology in the whole world that no one can break into. the
weakest link lies on the user/customer themselves.
you just need a trojan horse in their
Alberto Serra wrote:
> ðÒÉ×ÅÔ!
I've always wondered what this is exactly. I'm going to assume it's a
friendly greeting. :)
> Chris Shiflett wrote:
>
>> Richard,
>>
>>> Do you really believe that for $200 (or $119, or $500) that they
>>> "proven"
>>> themselves trustworthy?
>>
>
> LOL no, I
>Honestly, I think you need to just buy on book on this. I think I
>explained things pretty clearly, and your confusion now seems to be
>based more on a lack of trusting my explanation more than anything. I
>can't imagine how you could still be this confused.
What I can't imagine is how confus
ðÒÉ×ÅÔ!
Chris Shiflett wrote:
> Richard,
>> Do you really believe that for $200 (or $119, or $500) that they "proven"
>> themselves trustworthy?
LOL no, I don't. As a matter of fact crooks usually have more money in
their pockets than honest people do, so it's highly possible that a
crook will
Richard,
Honestly, I think you need to just buy on book on this. I think I
explained things pretty clearly, and your confusion now seems to be
based more on a lack of trusting my explanation more than anything. I
can't imagine how you could still be this confused.
I will try to explain once m
>>But unless you paid the $200 to get it from a CA, surfers will see a nasty
>>(and totally inaccurate/misleading) warning about how insecure it is.
>>
>
>They should. To do otherwise would be inaccurate and misleading.
>
>>The transmission is no less secure -- It's that the web-server on the othe
>On Fri, 5 Jul 2002, Richard Lynch wrote:
>> But unless you paid the $200 to get it from a CA, surfers will see a nasty
>> (and totally inaccurate/misleading) warning about how insecure it is.
>
>It is easy to launch a man-the-middle attack against a session being
>initiated between a client and a
Richard Lynch wrote:
>In the HTTPS exchange, however, extra key-pairs are generated on the fly,
>and the private half of the new pair are exchanged, encrypted with the
>public halfs of the old pairs, so that the server and the browser are using
>a UNIQUE public/private pair so that nobody can sno
Richard Lynch wrote:
>You can create your own SSL key pair very, very, very easily...
>
>But unless you paid the $200 to get it from a CA, surfers will see a nasty
>(and totally inaccurate/misleading) warning about how insecure it is.
>
They should. To do otherwise would be inaccurate and mislea
On Fri, 5 Jul 2002, Richard Lynch wrote:
> But unless you paid the $200 to get it from a CA, surfers will see a nasty
> (and totally inaccurate/misleading) warning about how insecure it is.
It is easy to launch a man-the-middle attack against a session being
initiated between a client and a serve
>For Miguel Cruz posting back there. If I understand correctly, the private
>key are inside the public key. Is this correct?
If you have an SSL (or SSH, or whatever) key thingie, it always comes as a
"pair"
The private half, and the public half.
You never, ever, ever, ever give the private ha
>I saw that Microsoft has a Certificate Authority server package that allows
>you to create your own key. Is there a way to do this in linux? In this
>particular instance, it's me accessing my own web site. I'd like to encrypt
>the session and I'm don't need someone to confirm anything.
You ca
>On Fri, 5 Jul 2002, Jerome Houston wrote:
>> if the browser is making a request, and it sees an https:// at the beginning
>> of the request URL, it will :
>> 1. get the domain's public key from a public key server
>> 2. encrypt the whole request with the domain's public key
>> 3. submit it to
On Sat, 6 Jul 2002, Alberto Serra wrote:
> yes, but in that case your Apache is running just ONE web site. Most
> people buy VirtualDomains which are namebased and not IP based. And they
> cannot share an IP number with other sites with SSL, AFAIK. Or am I
> misunderstanding the docs?
You're r
:
> -Original Message-
>
>>From: Alberto Serra [mailto:[EMAIL PROTECTED]]
>>Sent: Friday, July 05, 2002 8:54 PM
>>Cc: [EMAIL PROTECTED]
>>Subject: Re: [PHP] HTTPS vs. HTTP ?
>
>
>>Besides, using an HTTPS server implies
>>(correct me if I am w
On Fri, 5 Jul 2002, Scott Fletcher wrote:
> For Miguel Cruz posting back there. If I understand correctly, the private
> key are inside the public key. Is this correct?
I'm not completely sure I understand your question. When you visit a site
using HTTPS, here's basically what happens:
1. You
On Fri, 5 Jul 2002, Lazor, Ed wrote:
> I saw that Microsoft has a Certificate Authority server package that allows
> you to create your own key. Is there a way to do this in linux? In this
> particular instance, it's me accessing my own web site. I'd like to encrypt
> the session and I'm don't
1 - 100 of 117 matches
Mail list logo
