Re: Forced HTTPS on web site

On Fri, 09 Mar 2012 15:31:53 +0100 Alexander Kriegisch wrote:
> Maybe
> it would be a good idea to either use a commercial certificate or, if
> that is too expensive, continue using the self-signed one, but only to
> log in and after you are logged in.

Commercial certificate is not necessary, CACert certificates are
acknowledged by any sane browser and may be obtained for free after

Self-signed certificate is inappropriate solution anyway, because it
provides no real security (forged server may use its own self-signed
certificate) and will be rejected by most check patterns.

Ticket about this bug was opened long time ago, by the way:

> Me personally, I know how to import a cert, but this knowledge should
> not be necessary to access your web site without being annoyed by the
> warning all the time

Users who are not able to install a certificate, should learn how to
do so. Really, I was always amused why one needs a license to drive a
car and no license to use a computer, though computers are more
complex and sophisticated than cars even considering onboard
electronics on modern cars.

Best regards,
Andrew Savchenko

Attachment: pgppeDr2MbOOV.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]