Re: ApacheSSL
> If they're handling money, then, yes, the paranoia is probably necessary.
> Aside from the 40-bit vs. 128-bit issue, one of the big security risks of SSL
> and similar systems is that the server they run on is typically sitting right
> out there on the Internet waiting for somebody to crack it, and keeping
> credit card information on the same rather than handing the encrypted
> information across some secure interface (whether a firewall or dedicated
> RS232 or whatever.)
> A bulletproof 128-bit interface doesn't help if it's running on a cracked
> machine.
> Putting it on a separate firewalled machine is a Good Thing.
Yes, and being able to review the source code of the server
for security holes is also Important, if you are dealing with real
money.
--
Sameer Parekh Voice: 510-601-9777x3
Community ConneXion, Inc. FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.net/ (or login as "guest") [email protected]