[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
RE: [xml-dev] RE: Encoding charset of HTTP Basic Authentication
- From: "David Lee" <dlee@calldei.com>
- To: "'Tei'" <oscar.vives@gmail.com>, "'xml-dev'" <xml-dev@lists.xml.org>
- Date: Wed, 1 Feb 2012 06:50:25 -0500
===> Tei sez
Security conscient people seems to not like this idea, because MITM
attacks are easy with selfsigned certs.
<====
Of course its not perfect, practically nothing is.
But my point is using SSL with self-signed certificates is more vastly more secure than using HTTP with plain text. But the browsers give a Horrendously scary warning if you use SSL with self-signed certificates and say nothing at all for plain text HTTP (except the lack of a microscopic lock icon).
This leads many (most?) web site developers to just stick to plain HTTP. Thus decreasing security overall
I simply don't understand that.
-David
----------------------------------------
David A. Lee
dlee@calldei.com
http://www.xmlsh.org
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
