Hello, On 08.12.2010 14:13, Tom Evans wrote: ...
And the experienced user has seen these warnings often, so he regularly clicked on "I understand the risks" and accepted the ssl session anyway - and it's even wiser in most cases to do because mostly you're better off (in web 2.0 services for example) with an encrypted transfer and non-secure identity than with both non-secure...What 'experienced' (stupid?) users do is neither here nor there. I rarely trust self signed certs and would never accept a certificate for a host that isn't what it claims to be. Since 'experienced' users do do this sort of thing, don't give them an option to do so.
I don't give them this opportunity, neither do you and all the other responsible people on this ML. The reality on the world wide web is different, and leads to users spontanously clicking "I understand the risk" even if it's not really true.
The best way to avoid this problem is not dummy vhosts, it is to not serve multiple websites from the same IP ...In an ideal world, yes. But in this world the number of available IPs is restricted, whereas the quest for new domains seems endless.IPv4 addresses aren't exactly tricky to lay your hands on, despite the endless yearly warnings that IPv4 will run out in the next N years.
If you have a direct contract with the backbone provider, fine.If your server has a rented place in a data center your IP range is normally restricted.
If you have one SSL site, and many non SSL sites, you should host on 2 distinct IPs, ...
I prefer to keep my few IPs for real SSL services instead of nicer-written configuration.
... The cost of obtaining a second IP is small compared to the brand cost of having badly served SSL sites.
My SSL and non-SSL sites are served perfectly now that I found the hack-around (with the help of this ML).
I'd just prefer that apache offered a more concise way to configure that. / Bernd --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|