Well, a lot has changed in the past 20 years. ARP spoofing attacks emerged, wireless shared channel communications emerged, attackers multiplied and their methods got more and more sophisticated. Facebook, Twitter and are examples of very expensive migrations related to social networks considered necessary that may not deal with data as sensitive as some apps in web2py such as medical records management, etc...
I invite you to take a look at the "other side". Check out your firewall logs on a publicly exposed device, check out the releases found on this website by a group of hackers called LulzSec ( http://lulzsecurity.com/releases/ ) and if you're interested, just take a look at the portal exclusively dedicated to reporting attacks on websites around the world on a daily basis ( http://www.zone-h.org/archive/special=1 ).

On Jun 17, 12:11 am, pbreit <pbreitenb...@gmail.com> wrote:
> I don't think the situation is that dire. The web has worked like this for
> 20 years and it hasn't been an actual issue. I think as long as the tools
> are available to go "all-SSL" that's fine.