Frackin script kiddies!!
Richard Pieri
richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Aug 2 23:55:19 EDT 2010
On Aug 2, 2010, at 11:06 PM, Jarod Wilson wrote:
>
> Well, personally, I think a sane mythweb package puts a config file
> into apache's config includes directory, not in a .htaccess file. And
> then you enable authentication and wrap it with ssl. I'm not paranoid
> enough to worry about requiring a vpn link or ssh tunnels, I've got
> https access from anywhere.
So does every potential attacker in the world.
Wrapping HTTP in SSL offers no protection to your server. None. Zilch. Nada. It protects the end to end traffic. An attacker still has access to your authentication mechanism and can just as easily launch a brute force or exploit attack against it as he could if the traffic were clear instead of encrypted.
--Rich P.
More information about the Discuss
mailing list