Douglas Gourlay wrote:
> On the other hand, the skill level required
> to put a sniffer between two nodes and capture packets is far less.

True, but how many sites encrypt the link between the Web server and the DB? It
might take a bit more skill than sniffing the HTTP, because the database
protocol is probably harder to read than HTTP, but probably not a lot more.

Really, an SSL connection only assures the user that nobody can intercept their
traffic out on the public Internet. Once that's understood, the
SSL-terminating boxen sound more reasonable.

Um...however, there is one way they could make matters much worse. I can
imagine a shady (or really ignorant) company offering SSL termination services,
where the unencrypted hop runs over the public Internet. It'd be even more
vulnerable than a completely unencrypted setup, because all the unencrypted
data would be running over more or less the same path, so it'd be easier to
intercept.

--
/=================================================================\
|John Stracke    | http://www.ecal.com |My opinions are my own.   |
|Chief Scientist |================================================|
|eCal Corp.      |"If there's anything The Flintstones have taught|
|francis@ecal.com|us, it's that pelicans can be used to mix       |
|                |cement." -- Homer Simpson                       |
\=================================================================/

This archive was generated by hypermail 2b29 : Thu Nov 18 2004 - 11:21:29 MST