On Sunday, Jul 27, 2003, at 13:25 US/Pacific, Octavian Rasnita wrote: [..]
[..]It is not very easy to install support for SSL, or the library for creating images for perl, while for PHP is much easier.
let's think about this for a moment - do you know which SSL layer you are working with in PHP and do you understand the risks in the various versions of SSL?
Or is the hope that the PHP folks have installed the correct version?
At which point we can of course get into the discussion of who is 'responsible' for monitoring the 'security alert bullitins' with regards to 'vagaries' in this or that implementation of SSL...
at which point we arrive at the question
and a cgi piece of code should know that
it was called over an SSL connection by
which non-spoofable mechanism?Or is this the part of the process where we shift to the question of encrypted VPN client connection mechanism as a more interesting model for dealing with what information should be 'more tightly guarded' from prying eyes?
Or were we planning to deal with 'information encryption' as a part of the problem here?
ciao drieux
---
You can have my Compiler
when you rip it from my Cold Dead Hands-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
