WebApp Sec mailing list archives
Re: how to secure a commercial web site
From: Rogan Dawes <discard () dawes za net>
Date: Wed, 12 May 2004 16:09:45 +0200
Jason Gregson wrote:
Firstly let me apologise in advance if I have made this post to the wrong place. If so tell me what I did wrong and it won't happen again ;o)
Bilur,
Applying a SSL server does not make your site secure. All it does is allow the data from the client to the server encrypted. IE establishes a secure encrypted tunnel from you (IIS) to the client's browser. It does not however protect your server or infrastructure in any way.
Brings to mind a quote I had in my sig a while back:
Gene Spafford: "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench."
It is all about the end points . . . encryption is not THE weak point, it is A possible attack point, and stronger than most!
Regards,
Rogan
--
Rogan Dawes
*ALL* messages to discard () dawes za net will be dropped, and added to my blacklist.
Please respond to "lists AT dawes DOT za DOT net"