Re: PHP mysql_excape but need to search for those items [message #178418 is a reply to message #178417]
Sat, 16 June 2012 06:33
Arno Welzel
Jerry Stuckle, 16.06.2012 03:07:
> On 6/15/2012 4:36 PM, Arno Welzel wrote:
>>
[...]
>> To read more about: <http://www.kb.cert.org/vuls/id/800113>
>>
>> Just because you cannot imagine that this happens in reality does not
>> mean that you can ignore the problem.
>>
>
> Quite frankly, I don't believe everything I see on the web. Do you have
> any proof this has actually occurred?
A well-documented security hole does not exist for you, as long as
nothing worse happens to you?
["Trustworthy" CAs]
>> VeriSign is also on the list of the CAs which had at least one security
>> problem:
>>
>> <http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z820120202>
[...]
>> <http://www.thetechherald.com/articles/DigiNotar-security-incident-goes-from-bad-to-worse>
[...]
> Again, I don't believe everything I see on the Internet. But I have
> used both Thawte and VeriSign, and know what a company has to go through
> to get a certificate.
I know as well what it takes to get an SSL certificate signed by
VeriSign. Not much... generally just money.
On what basis do you trust VeriSign or Thawte?
[...]
>> As I already said: Don't trust a CA, only trust (or don't trust) the
>> certificate. If it changes your browser will immediately tell you - even
>> if it was signed by a CA.
>
> So, what is your solution? Just telling someone not to trust a CA is
> not a solution.
That *is* the solution, if the CA is not trustworthy.
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
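
The approach argued for in this post (trust the certificate itself and notice when it changes, whoever signed it) corresponds to trust-on-first-use pinning. The sketch below is an added example, not code from the thread or its participants; `PinStore`, `check`, `accept_change` and the sample certificate bytes are hypothetical names and constructed values.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_ORIGINAL = b"constructed-der-bytes: example.test, key A"
CERT_REPLACED = b"constructed-der-bytes: example.test, key B, CA-signed"


def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 over the full encoded certificate, hex-encoded."""
    return hashlib.sha256(der_bytes).hexdigest()


class PinStore:
    """Trust-on-first-use store: host -> fingerprint of the accepted certificate."""

    def __init__(self):
        self._pins = {}

    def check(self, host: str, der_bytes: bytes) -> str:
        """Return 'first-seen', 'match' or 'changed' for the presented certificate.

        The CA signature plays no part in the decision; only the certificate
        bytes are compared with what was accepted earlier for this host.
        """
        host = host.lower().rstrip(".")
        seen = fingerprint(der_bytes)
        pinned = self._pins.get(host)
        if pinned is None:
            self._pins[host] = seen      # accepted on first contact
            return "first-seen"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "changed"                 # the pin is not updated automatically

    def accept_change(self, host: str, der_bytes: bytes) -> None:
        """Explicit re-pin, e.g. after verifying the new certificate out of band."""
        self._pins[host.lower().rstrip(".")] = fingerprint(der_bytes)


def demo():
    store = PinStore()
    return [
        store.check("example.test", CERT_ORIGINAL),
        store.check("EXAMPLE.test", CERT_ORIGINAL),
        store.check("example.test", CERT_REPLACED),
        store.check("example.test", CERT_REPLACED),
    ]
```

On a live connection the bytes passed to `check` would come from `ssl.SSLSocket.getpeercert(binary_form=True)`; a "changed" result keeps being reported until someone calls `accept_change` deliberately.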