Re: Re: for the security minded web developer - secure way to login?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 17, 2009 at 3:11 AM, Per Jessen <per@xxxxxxxxxxxx> wrote:
> Colin Guthrie wrote:
>
>> I appreciate that https doesn't provide "trust" by default, but
>> ultimately that's how Joe Bloggs public has been told to deal with it
>> "look for the padlock" etc. etc. to be sure that your session is
>> secure blah blah.
>
> Yeah.  Which is probably because all of the intricacies are way beyond
> Joe Bloggs, so the issue was cut down to something about "trust".
>
>> Now with the HV certs the UI also has the company
>> name in the URL and this *is* going towards a trust infrastructure.
>
> I googled, but couldn't find anything - what are HV certificates?
>
>
> /Per
>
> --
> Per Jessen, Zürich (0.6°C)
>

Perhaps "EV" (Extended Validation) certificates? These are the ones
that get extra special treatment in the browser because the CA is
supposed to go beyond merely verifying that the URL domain matches the
certificate by making additionally validating that the certificate
belongs to a real entity whose identity they have verified. They also
cost the most.

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux