|
WebApp Sec
mailing list archives
Re: Should login pages be protected by SSL? (and comment to moderator)
From: Amir Herzberg <herzbea () macs biu ac il>
Date: Tue, 21 Jun 2005 22:18:48 +0200
Andrew van der Stock wrote:
On page two, it says for clients / card holders / admins / POS / ATM
they state:
"1 Network (e.g. Internet) – must have authentication and encrypted
communication to web and/or application server"
I don't think they get much clearer than that. MUST to my standards
jaundiced eye means "no exceptions". AND means both authentication and
encryption at the same time. So basically, I think that covers off SSL
logins - in my book, Visa / MC require it for Internet websites - no
exceptions.
Thanks - that's pretty clear, I must have missed it... Can you please
resend me the original document, I may have erased it by mistake?
thanks, Amir Herzberg
thanks,
Andrew
ps. On the bounces, ezmlm should remove them automatically after 5
days. But if it doesn't get better, I'll hassle the Symantec admin
staff to help me as I can't always see who the bounces are.
Thanks! And sorry - I didn't notice you are also the moderator... Honest
mistake.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame.html
 By Date 
By Thread
Current thread:
|
Intro
