RE: [xml-dev] RE: Encoding charset of HTTP Basic Authentication

===> Tei sez 
Security-conscious people seem to not like this idea, because MITM
attacks are easy with self-signed certs.

Of course it's not perfect, practically nothing is.
But my point is using SSL with self-signed certificates is vastly more secure than using HTTP with plain text. But the browsers give a Horrendously scary warning if you use SSL with self-signed certificates and say nothing at all for plain text HTTP (except the lack of a microscopic lock icon).
This leads many (most?) web site developers to just stick to plain HTTP, thus decreasing security overall.
I simply don't understand that.


David A. Lee


Copyright 1993-2007 XML.org. This site is hosted by OASIS