I also said that it is not full proof, no security is. The whole point of security now a days is to make it as hard as you can to break it. If you don't want your site hacked or its data comprimised, the 100% full proof solution is to unplug the server and distroy the data itself to prevent an inside job as well. Obviously, this is very extream and does not work for companies.
I have to agree with jamesh on this one. Part of the security around having the SSL cert verified off site is it helps prevent man in the middle attacks. If you use a self-signed cert it breaks part of the security of SSL. While no security is full proof, the harder you can make it for a hacker or scammer the better.
Slashdot Mirror
I also said that it is not full proof, no security is. The whole point of security now a days is to make it as hard as you can to break it. If you don't want your site hacked or its data comprimised, the 100% full proof solution is to unplug the server and distroy the data itself to prevent an inside job as well. Obviously, this is very extream and does not work for companies.
I have to agree with jamesh on this one. Part of the security around having the SSL cert verified off site is it helps prevent man in the middle attacks. If you use a self-signed cert it breaks part of the security of SSL. While no security is full proof, the harder you can make it for a hacker or scammer the better.
You could go office space on their synthetic asses. Baseball Bat, throw in a dash of anger issues and you got a party :). PC Load Letter THAT!