If you don't control the network between the Accelerator and your
webserver, you're toast anyway.
> And now your telling me that the SSL Accelerator Box and the IDS is
> seeing in clear text the traffic I thought only the web server was
> seeing ?!?! And presumably, the IDS is logging somewhere all the credit
> card info that I might be sending...
So what? How many "secure ecommerce sites" just put the information that
you sent over the secure channel into a database accessible by a tcp
port? or simply print it out? Send it via unencrypted mail to their
sales department (presumable to foobar-marketing@aol.com. Yes, I've
already seen that.). HTTPS is just a gurantee, that your data isn't
sniffed between your web browser and the device you're talking to. Once
the data hits the web server, there is nothing that HTTPS can do or you
can rely on.
> Mind you, I guess nothing prevented somebody to do something behind the
> Webserver to do some wicked thing but now, your telling me that they are
> devices, on the open market, specially design to do this!
Of course. Once you hit more than a few https transfers, you can either
burn your cpu cycles for doing crypto or simply use a device.
Regards
Henning
-- Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer INTERMETA - Gesellschaft fuer Mehrwertdienste mbH hps@intermeta.deAm Schwabachgrund 22 Fon.: 09131 / 50654-0 info@intermeta.de D-91054 Buckenhof Fax.: 09131 / 50654-20
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/