XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
RE: [xml-dev] RE: Encoding charset of HTTP Basic Authentication

===> Tei sez 
Security conscient people seems to not like this idea, because MITM
attacks are easy with selfsigned certs.
<====

Of course its not perfect, practically nothing is.
But my point is using SSL with self-signed certificates is more vastly more secure than using HTTP with plain text. But the browsers give a Horrendously scary warning if you use SSL with self-signed certificates and say nothing at all for plain text HTTP (except the lack of a microscopic lock icon).
This leads many (most?) web site developers to just stick to plain HTTP.  Thus decreasing security overall
I simply don't understand that.

-David

----------------------------------------
David A. Lee
dlee@calldei.com
http://www.xmlsh.org






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS