[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] How secure is http basic authentication?

On 04/27/2013 06:53 PM, David Tomaschik wrote:
> Startcom StartSSL offers free basic certs. Domain verified only. But
> you still have to run a VPS or a host willing to let you install your
> own certs. (Since SNI is not widely deployed, deploying SSL usually
> requires its own IP.)

Disclaimer: I am just a customer of these guys, not someone who works
for or gets paid to talk about 'em.

WebFaction does SNI wonderfully, and you can get the free certs from
Startcom, or if you shop around you can usually get SSL certs for as
little as $10. 90% of certificates are required for encryption-only
purposes (e.g., "low-assurance"), and so minimizing expense is good.

If you do your own hosting, of course, cool. But WebFaction is a really
nice shared-type hosting option that gives you SSH access, lets you
compile your own software on the server, and manages things like the
front-end reverse proxy for you. And they're not expensive at all. I
wouldn't store security sensitive information there, but for most other
purposes I think they're just fine.

? Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://mail.ale.org/pipermail/ale/attachments/20130427/5f3c32c1/attachment.sig>