|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
04-05-2015, 09:40 AM
|
#1 |
|
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
SSL Encryption - User Security Query
Lets say you have a white label which you are hosting on your own server:
(1) Someone connects to your site (which is 256 bit SSL secured) and you have a REGISTER and LOGIN function that is secured by your SSL. (2) Once logged in from your site, the user enters into a billing function on a third party site (which is 128 bit SSL secured) with a totally separate key. How did this work for security of the user? Since there are two separate levels of encryption and two separate encryption keys for EACH of the two steps (a) login/register and (b) billing/payment does this improve security of the user? Or is it exactly the same as if you had used one SSL key throughout all steps? |
|
|
|
04-05-2015, 09:54 AM
|
#2 |
|
Confirmed User
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
|
how do you host whitelabel on your server ? never heard of it ...
anyways ., ssl are domains and or subdomains specific. they are bound to the domains. lets say, your domain has 256 bit SSL cert, then all the data coming and going from your domain to the surfer unde https protocol will be encrypted using your cert. when the user enters the billing site aka 3rd party site, the 3rd party site's sssl comes in to play while user is on that domain, data transferred from your domain 256 bit to 3rd party site 128 bit goes in plaintext but inside this encrypted channel so for anyone who is wiretapping or capturing those packets , it totally useless. but 256 is better than 128.
__________________
SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean
|
|
|
|
|
04-05-2015, 10:01 AM
|
#3 |
|
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
Do not use SSL 3.0
Use TLS Make sure the encryption cipher is SHA. |
|
|
|
|
04-05-2015, 10:06 AM
|
#4 | |
|
Confirmed User
Join Date: Dec 2009
Posts: 2,157
|
Quote:
I think I understand...... however, my question is that does having two separate SSL cert improve security for the user rather than if it was just one SSL certificate used throughout login and billing? I can only presume that it does since the user is availing 256 bit for the login and a totally separate SSL cert 128 bit for the billing. So therefore if one encryption was decoded, that doesn't necessarily mean the other one will be. |
|
|
|
|
|
04-05-2015, 10:16 AM
|
#5 | |
|
It's 42
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
|
Quote:
Another domain's linked content that is https should not throw a security alert on your domain if it is also served https. |
|
|
|
|
