Re: PHP mysql_excape but need to search for those items [message #178382 is a reply to message #178381]
Tue, 12 June 2012 12:00
Jerry Stuckle
On 6/12/2012 5:35 AM, Arno Welzel wrote:
> Jerry Stuckle, 11.06.2012 23:06:
>
>> On 6/11/2012 2:38 PM, J.O. Aho wrote:
> [...]
>>> Don't forget man in the middle, using https will not protect against
>>> that.
>>
>> Actually, it will. HTTPS transmissions are encrypted between the client
>> and the server using public/private key encryption. That's the whole
>> purpose of HTTPS.
>
> But only if the client *only* trusts the specific certificate. Otherwise
> the man in the middle can just set up a proxy which also accepts SSL
> connections and provides a valid certificate. There have been a number
> of broken CAs in the past which allowed virtually anyone to create
> signed and "trusted" certificates for any domain.
>
>
Setting up a proxy would mean alterations to the domain name servers'
data. Additionally, the certificate either would not match the domain
name or the certificate would not be signed by a recognized authority
(which is a good reason to use a trusted certificate).
I don't know of any broken CAs in the past, but there could have been.
However, the ones I use won't issue a certificate just to anyone.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
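
The two checks this exchange discusses, as an added Python example that is not part of the original posts: the default TLS context performs the CA-signature and hostname checks, and the pin accepts only one specific certificate. The function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def is_pinned(der_cert: bytes, pins) -> bool:
    """True only if this exact certificate is one the client was told to trust."""
    fp = fingerprint(der_cert)
    # Accept pins written as plain hex or as colon-separated upper-case hex.
    # The list forces every pin to be compared (no early exit).
    return any([hmac.compare_digest(fp, p.lower().replace(":", "")) for p in pins])


def connect_pinned(host: str, pins, port: int = 443, timeout: float = 5.0) -> str:
    """Open a TLS connection that must pass both checks; return the fingerprint.

    1. Default context: chain to a CA in the trust store, and hostname match.
    2. Pin: the server's certificate must be one of `pins`.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not is_pinned(der, pins):
                raise ssl.SSLError(
                    f"certificate for {host} passed CA validation "
                    f"but is not pinned: {fingerprint(der)}"
                )
            return fingerprint(der)


# Constructed stand-ins for DER bytes (not real certificates), so the pin
# comparison can be exercised offline.
EXPECTED_DER = b"constructed-der-bytes: the server's own certificate"
OTHER_DER = b"constructed-der-bytes: a different certificate, same hostname"
PINS = {fingerprint(EXPECTED_DER)}

if __name__ == "__main__":
    print("expected certificate pinned:", is_pinned(EXPECTED_DER, PINS))
    print("other certificate pinned:   ", is_pinned(OTHER_DER, PINS))
```

`connect_pinned` needs network access and a pin taken from the real server certificate; the offline sample only exercises the fingerprint comparison.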