One thing all you guys are missing is that the SSL cert only protects the data path over the net. In the day of switches (having replaced hubs) that's actually pretty secure. There's far more risk at the client (PC) or server (host) ends - that's where most of the data is stolen.
All this is really about appearance rather than providing real security. Not saying that we shouldn't use certs, but an expensive cert is just a distraction from the potential lack of security on the server end. As a webhost and unix admin I'd much rather application developers put the effort they waste on discussing SSL into writing secure applications!!