WebApp Sec mailing list archives

Re: how to secure a commercial web site
From: Rogan Dawes <discard () dawes za net>
Date: Wed, 12 May 2004 16:09:45 +0200

Jason Gregson wrote:

Firstly let me apologise in advance if I have made this post to the
wrong place. If so tell me what I did wrong and it won't happen again.

Bilur, Applying a SSL server does not make your site secure. All it
does is allow the data from the client to the server to be encrypted. IE establishes a secure encrypted tunnel from you (IIS) to the client's browser. It does not however protect your server or infrastructure in any way.

Brings to mind a quote I had in my sig a while back:

Gene Spafford: "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench."

It is all about the end points . . . encryption is not THE weak point, it is A possible attack point, and stronger than most!


Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
