Frackin script kiddies!!
Ian Stokes-Rees
ijstokes-/2FeUQLD3jedFdvTe/nMLpVzexx5G7lz at public.gmane.org
Mon Aug 2 23:59:01 EDT 2010
On 8/2/10 11:55 PM, Richard Pieri wrote:
> On Aug 2, 2010, at 11:06 PM, Jarod Wilson wrote:
>> Well, personally, I think a sane mythweb package puts a config file
>> into apache's config includes directory, not in a .htaccess file. And
>> then you enable authentication and wrap it with ssl. I'm not paranoid
>> enough to worry about requiring a vpn link or ssh tunnels, I've got
>> https access from anywhere.
> So does every potential attacker in the world.
>
> Wrapping HTTP in SSL offers no protection to your server. None. Zilch. Nada. It protects the end to end traffic.
It does, however, allow the possibility of two-way X.509 cert
authentication which is very secure, but means having your X.509 private
key on every system and in every browser you use to access that web server.
Ian
More information about the Discuss
mailing list