mailing list archives
Re: how to secure a commercial web site
From: Rogan Dawes <discard () dawes za net>
Date: Wed, 12 May 2004 16:09:45 +0200
Jason Gregson wrote:
Firstly let me apologise in advance if I have made this post to the
wrong place. If so tell me what I did wrong and it wont happen again
Bilur, Applying a SSL server does not make your site secure. All it
does is allow the data from the client to the server encrypted. IE
establishes a secure encrypted tunnel from you (IIS) to the client's
browser. It does not however protect your server or infrastructure in
Brings to mind a quote I had in my sig a while back:
Gene Spafford: "Using encryption on the Internet is the equivalent of
arranging an armored car to deliver credit-card information from someone
living in a cardboard box to someone living on a park bench."
It is all about the end points . . . encryption is not THE weak point,
it is A possible attack point, and stronger than most!
*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"