Re: [SM-STABLE] ssl

[David P. D. <dp...@dp...>]

Warnings for the NO LOCK - the page does not "look" secure to the end user,
because a full web page will never be loaded with SSL, the only information
that will be encrypted is the login and password.  This could confuse some
end users.  And also the only information that is secure is the login &
password.  Session IDs, cookies, and related data is insecure.

Browser warnings - sometimes they can be disabled, some browsers you can
load your self-signed certs.  The reason why commercial sites don't generate
warnings is because they have paid to have their cert signed by a real
certificate authority (ca).  If you get a CA signed cert with the correct
Common Name (CN), then almost every browser will work without warnings.
*** Your mileage may vary.  Valid at only participating web browsers and
servers. ***

See information with your web server software for more information on SSL
and SSL Certificates and compatibility with browsers.


-- ****************************************************************** --
| David P. Discher           * (314) 518-3795      * <dp...@dp...> |
| <http://dpd.dpdtech.com/>  * AOL/MSN: "DavidDPD" * ICQ:4222899       |
-- ****************************************************************** --

on 3/17/02 12:44 PM, Jano Lukac at jed...@ya... wrote:

> 
> Hi,
> 
> Neat fix, but the problem is that with certain browsers (i.e., netscape), a
> dialog box pops up saying "you are about to be redirected to a connection that
> is not secure" blah blah blah, without a check box thingy.  How do sites like
> yahoo keep this from happening?
> ??

on 3/17/02 10:59 AM, Dennis Durling at de...@un... wrote:

> Again, thanks!
> It works, of course, but I am still wondering about your warnings.
> 

on 3/17/02 12:49 PM, Dennis Durling at de...@un... wrote:

> You can easily make your browser not give you that message so I wouldn't
> consider it much of a problem.
>