[m-dev.] Bugtracker
Matt Giuca
matt.giuca at gmail.com
Fri Feb 1 23:45:37 AEDT 2013
Fair enough, it buys you protection from passive attacks (but not
man-in-the-middle attacks). However, the browser vendors have spoken, and
like it or not, they have decided to show a self-signed certificate in the
same manner as a fraudulent one, which means nobody will trust your site.
On 1 Feb 2013 23:23, "Paul Bone" <paul at bone.id.au> wrote:
> On Fri, Feb 01, 2013 at 11:18:49PM +1100, Matt Giuca wrote:
> > If you can't get a real one, you are better off not using SSL. All modern
> > browsers show a huge warning and from a security standpoint it doesn't
> buy
> > you much.
>
> It does. It means that people can't sniff your password out of the air.
>
> We'll investigate getting real certificates, we just havn't do so yet.
>
>
> --
> Paul Bone
> http://www.bone.id.au
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mercurylang.org/archives/developers/attachments/20130201/df17579c/attachment.html>
More information about the developers
mailing list