httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] [DEV-REQUEST] mod_ifenv ported to Apache2
Date Tue, 25 Jul 2006 17:52:10 GMT
On 7/25/06, SithLord <apache-mail@melkor.st> wrote:
> On Tuesday 25 July 2006 03:18, Joshua Slive wrote:
>
> > First, SSL without a valid certificate trusted by the client is not
> > any safer than plain-text in the end.  A "man-in-the-middle" could sit
> > on the wire, provide your clients with a bogus certificate, and
> > decrypt all the traffic on the way back and forth to the server.
> > Since your clients are used to hitting "ignore" on the certificate
> > error warnings, they would be none-the-wiser.
>
> You're absolutely right but I don't have any "clients". These services are not
> for public use. This isn't a production service available to real
> clients/customers. I have some services at home I like/need to have available
> from outside. Moreover, there is nothing absolutely critical and most of
> these services could be available through plain HTTP. Remember that I talked
> about a "poor's man" HTTPS virtual hosting, nothing related to production
> use.

Why do you want to use HTTPS?  So that your communications with these
services can't be intercepted?  Well, if you don't have proper
certificates, you aren't getting that benefit, so you might as well
just use HTTP.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message