| Re: PHP mysql_excape but need to search for those items [message #178381 is a reply to message #178370] |
Tue, 12 June 2012 09:35   |
Arno Welzel
Messages: 317
Registered: October 2011
Karma:
|
Senior Member |
|
|
Jerry Stuckle, 11.06.2012 23:06:
> On 6/11/2012 2:38 PM, J.O. Aho wrote:
[...]
>> Don't forget man in the middle, using https will not protect against
>> that.
>
> Actually, it will. HTTPS transmissions are encrypted between the client
> and the server using public/private key encryption. That's the whole
> purpose of HTTPS.
But only if the client *only* trusts the specific certificate. Otherwise
the man in the middle can just set up a proxy which also accepts SSL
connections and provides a valid certificate. There have been a number
of broken CAs in the past which allowed virtually anyone to create
signed and "trusted" certificates for any domain
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]