On Qua, 19 Jan 2011, Camaleón wrote:
That sounds like bad programming or a buggy site.
True
There are methods to prevent such attacks on the server side that involves no encrypted sessions,
True
but sometimes it is easier (and cheaper) for companies to rely on completely encrypted sessions and not implement another countermeasures.
However, SSL has the added benefit that no one will be spying on your traffic, even if it's basically public information that is available via other means. And it's overhead is minimal, to the point that it should not be noticeable unless the computer (client or server) and/or internet connection are very slow.
-- Computers are not intelligent. They only think they are. Eduardo M KALINOWSKI edua...@kalinowski.com.br -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110119155553.14402bt31wb6f...@mail.kalinowski.com.br
