Slashdot Mirror


User: jbminn

jbminn's activity in the archive.

Stories: 0 · Comments: 4

Comments · 4

  1. HTTP Request Smuggling on Apache Request Smuggling Vulnerability Found · · Score: 2, Informative
    I RTFA and the white paper. Worth mentioning here (I searched the first 108 comments and saw no mention of this):

    - HTTPS is not affected

    The white paper, while seemingly complete and well written, mentions this almost in passing near the end of the document. That may cause many readers, if they simply skim the paper, to miss this critical point. Further, it discounts using HTTPS as "...an impractical solution".

    If security is engineered into your site from the beginning, there's nothing at all impractical about using HTTPS.

  2. Re:Nostradamus Predicts on Netcraft Releases Anti-Phishing Toolbar · · Score: 1
    The stats returned by Netcraft on two sites I own/maintain are very misleading. Good information is good, but bad information is generally worse than no information, because it influences our decisions in artificial ways.

    It reports the HTTP URI as 'Since Nov 1999' which is correct. However, it reports the HTTPS URI as 'New site', which is completely false. The HTTPS URI resolves to the same IP, and has the same domain ownership details as the HTTP URI. The *only* difference is in the protocol of the URI. Both are virtual hosts on the *same physical server*. In the click-thru for the explanation of the 'New Site' status, Netcraft states: (quoted from http://toolbar.netcraft.com/help/faq/index.html#newsite)

    "New Site" means the site you are currently visiting has not been seen before by the Netcraft Web Server Survey. This indicates that the site is very new and should be considered less trustworthy than other sites. Since most phishing sites spring up overnight and disappear just as quickly, you should be extremely suspicious if you see this when visiting what you believe to be a trustworthy site.

    This is so misleading as to be silly. I believe you should be suspicious of Netcraft's analysis.

    It would be interesting to hear Netcraft's explanation for this, as it seems to be an incredibly fundamental mistake in the implementation of their site assessment tool.

  3. Re:Sourceforge.net not a viable business on SourceForge Terms of Service Change, Users Unhappy · · Score: 1
    Check out freepository - https://www.freepository.com

    freepository has/is:

    - Free
    - Supported
    - Secure remote command line access
    - On-the-fly tarball downloads (with & w/o ,v)
    - Long history (since '99) - it'll be here down the road

    Let me know what you think. If it sucks, say so. If it rocks, say so. jbminn

  4. Don't like Sourceforge? Try freepository on SourceForge Terms of Service Change, Users Unhappy · · Score: 1
    For those unhappy with Sourceforge's recent changes, check out freepository. (https://www.freepository.com)

    freepository has/is:

    - Free
    - Supported
    - Secure remote command line access
    - On-the-fly tarball downloads (with & w/o ,v)
    - Long history (since '99) - it'll be here down the road

    Let me know what you think. If it sucks, say so. If it rocks, say so.

    jbminn