Re: Digest Authentication [message #179924 is a reply to message #179921]
Wed, 19 December 2012 20:02
Jerry Stuckle
On 12/19/2012 12:40 PM, dhtmlkitchen(at)gmail(dot)com wrote:
> On Tuesday, December 18, 2012 6:08:59 PM UTC-8, Jerry Stuckle wrote:
>> On 12/18/2012 8:55 PM, xkit wrote:
>>> On Dec 13, 8:15 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>>>> On 12/13/2012 7:49 PM, dhtmlkitc...@gmail.com wrote:
> [snip entire quoted message] NOTE:
> Never fullquote on USENET (quotes the whole message, signature). Quote *only* the parts you are replying to. Otherwise, there is no dialogue; no back and forth.
>
> When replying type your reply, then review the entire message.
>
I will quote what I feel is appropriate. In this case, it was ALL
appropriate.
>> If you're doing ecommerce (even if you're using Paypal), you NEED to use
>> https. Otherwise your site is NOT secure. It is too easy to intercept
> What it?
>
> There are a lot of sites that navigate from http (not https) site to paypal. Are you telling me that this is a security issue? And if not, then where exactly do *you* see the security hole and what do you see being at risk (you wrote "everything" (including the moon?)).
>
It's not just PayPal involved in your site security. Oh, but I forgot.
You didn't want me to quote the appropriate text.
>> the data being entered - i.e. someone using a wireless hot spot, on a
>> cable modem at home or any of a couple of dozen other connections will
>> easily allow a hacker to get everything he/she wants.
>>
> Again, what is everything [that the hacker wants]? And how does any hacker get all of these things? Please explain, if you can.
>
Exactly what I said. But I'm not going to even try to explain basic
Internet security to someone who obviously has no clue.
>> And if your site is hacked, the cost of NOT using it is much, much
>> higher than the cost of using it. If you can't afford it, you can't
>> afford the site.
>>
>> Read M. Strobel's post. And if you're not familiar with creating a
>>
> "This is a feature that is offered completely functional by the web server. " ...
>
That doesn't mean it is secure. And in this case, it definitely IS NOT.
>> secure site, hire someone who is. This is not a job for a beginner.
>>
> Apparently no one here is qualified or willing to explain this task. I'm sure someone has made a secure site and is capable of reading, understanding, making security assessment and giving technical advice.
>
Yes, I'm qualified to explain it. But I'm not even going to try in a
newsgroup post. It's way too big.
>> And BTW - giving a "hidden URL" is no security at all.
>>
> And that is why I advised the client to not do that, AISB.
>
At least that's a start. But again - I suggest you get someone who
UNDERSTANDS security. It's much more than cutting and pasting some code
you found on a web site (even if it is php.net). You obviously don't,
and it's way too important.
And once again, it's way too complicated to even try to begin to explain
over usenet. Understanding real security takes a LOT of time and learning.
That's why you haven't gotten more detailed answers here.
And BTW - I build secure sites all the time. They ALL include https -
but NONE of them include web server authentication. It's barely ok for
low security sites, but not ecommerce.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================