[ale] https

[D. Alan Stewart]

I'm the one that started this thread! It was in reference to a social club web 
site. The authenticity of the web site is of little concern, protecting private 
data is our concern. We've had a woman in the club alarmed because 
someone got her picture and name from our web site and managed then to 
get her phone number from elsewhere. Since then we've created a private 
portion of the site, protected by htaccess. We need to protect from someone 
intercepting data between browsers and the web server when users are in the 
private portion of the web site.

> I believe your assessment is accurate, but when you are presented with 
> the dialog regarding the unrecognized cert., you have three options, 
> accept this once, accept forever, don't accept.
> 
> Now, I might be wrong, but I believe the original poster of this thread 
> indicated that this would be accessed by a small subset of 
> clients/employees.  In such a situation, I think you're okay to take 
> this approach.  They get the dialog and they accept it, based on the 
> fact they've been told that this is going to happen.
> 
> Now, if I was going to www.buystuff.com and was presented such a dialog 
> prior to entering my purchasing data, you can bet I'd pop that cancel 
> button in a second, and never return...



D. Alan Stewart
Layton Graphics, Inc.
155 Woolco Dr.
Marietta, GA 30062
Voice: 770/973-4312
Fax: 800/367-8192
FTP: ftp.layton-graphics.com
WWW: www.layton-graphics.com


"As far as the laws of mathematics refer to reality, they
are not certain; and as far as they are certain, they do
not refer to reality." - Albert Einstein

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.