WebApp Sec mailing list archives

Re: how to secure a commercial web site


From: Rogan Dawes <discard () dawes za net>
Date: Wed, 12 May 2004 16:09:45 +0200



Jason Gregson wrote:

Firstly let me apologise in advance if I have made this post to the
wrong place. If so tell me what I did wrong and it won't happen again
;o)

Bilur, Applying an SSL server does not make your site secure. All it does is allow the data from the client to the server to be encrypted. I.e., it establishes a secure encrypted tunnel from you (IIS) to the client's browser. It does not, however, protect your server or infrastructure in any way.

Brings to mind a quote I had in my sig a while back:

Gene Spafford: "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench."

It is all about the end points . . . encryption is not THE weak point, it is A possible attack point, and stronger than most!

Regards,

Rogan
--
Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"

