 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On 8/2/10 11:55 PM, Richard Pieri wrote: > On Aug 2, 2010, at 11:06 PM, Jarod Wilson wrote: >> Well, personally, I think a sane mythweb package puts a config file >> into apache's config includes directory, not in a .htaccess file. And >> then you enable authentication and wrap it with ssl. I'm not paranoid >> enough to worry about requiring a vpn link or ssh tunnels, I've got >> https access from anywhere. > So does every potential attacker in the world. > > Wrapping HTTP in SSL offers no protection to your server. None. Zilch. Nada. It protects the end to end traffic. It does, however, allow the possibility of two-way X.509 cert authentication which is very secure, but means having your X.509 private key on every system and in every browser you use to access that web server. Ian
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
