Re: Digest Authentication [message #179935 is a reply to message #179921] |
Thu, 20 December 2012 01:02 |
Scott Johnson
Messages: 196 Registered: January 2012
On 12/19/2012 9:40 AM, dhtmlkitchen(at)gmail(dot)com wrote:
> On Tuesday, December 18, 2012 6:08:59 PM UTC-8, Jerry Stuckle wrote:
>> On 12/18/2012 8:55 PM, xkit wrote:
>>
>>> On Dec 13, 8:15 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>>
>>>> On 12/13/2012 7:49 PM, dhtmlkitc...@gmail.com wrote:
>>
> [snip entire quoted message NOTE:
> Never fullquote on USENET (quotes the whole message, signature). Quote *only* the parts you are replying to. Otherwise, there is no dialogue; no back and forth.
>
> When replying type your reply, then review the entire message.
>
>> If you're doing ecommerce (even if you're using Paypal), you NEED to use
>>
>> https. Otherwise your site is NOT secure. It is too easy to intercept
>>
> What it?
>
> There are a lot of sites that navigate from http (not https) site to paypal. Are you telling me that this is a security issue? And if not, then where exactly do *you* see the security hole and what do you see being at risk (you wrote "everything" (including the moon?)).
>
>> the data being entered - i.e. someone using a wireless hot spot, on a
>>
>> cable modem at home or any of a couple of dozen other connections will
>>
>> easily allow a hacker to get everything he/she wants.
>>
> Again, what is everything [that the hacker wants]? And how does any hacker get all of these things? Please explain, if you can.
>
>>
>>
>> And if your site is hacked, the cost of NOT using it is much, much
>>
>> higher than the cost of using it. If you can't afford it, you can't
>>
>> afford the site.
>>
>>
>>
>> Read M. Strobel's post. And if you're not familiar with creating a
>>
> "This is a feature that is offered completely functional by the web server. " ...
>
>> secure site, hire someone who is. This is not a job for a beginner.
>>
> Apparently no one here is qualified or willing to explain this task. I'm sure someone has made a secure site and is capable of reading, understanding, making security assessment and giving technical advice.
>
>>
>>
>> And BTW - giving a "hidden URL" is no security at all.
>>
> And that is why I advised the client to not do that, AISB.
>
(FULLQUOTE)
Kitchen, I doubt you are going to get any additional help around here
with your attitude.
Jerry was pointing out the vulnerabilities of the code used and unless
you have stock in that code or wrote it yourself, why get so defensive?
His points are very valid whether you disagree or dislike them. If you
expect FREE help for your potentially litigious issues, you may want to
humble yourself a bit.
Scotty