nanog mailing list archives

Re: Cisco blunders with insecure web page


From: Chris Adams <cmadams () hiwaay net>
Date: Thu, 25 Apr 2002 05:23:19 -0500


Once upon a time, blitz <blitz () macronet net> said:
But applicants registering for the programme online discovered their
banking and company details were going onto an open web page. When one
irate silicon.com reader called the Cisco helpdesk, he was informed
that the company was aware of the problem because several other users
had complained.
<snip>
In a statement, Cisco said it had pulled the registration URL for 48
hours to install SSL (secure sockets layer) - a common way of securing
web pages.

SSL does not secure web pages.  It secures web _traffic_.  If you don't
protect a web page by requiring a password (either via HTTP
authentication or a CGI based scheme), SSL won't help protect the data
stored on the web server one bit.

Okay, SSL _can_ be used to secure web pages with client certs, but that
is not as common in the "real world" as different forms of password
based authentication.

Or is the article an over-simplification of the issue?
-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
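
Added example, not part of the original message: an in-process WSGI sketch of the distinction drawn above, showing that an unauthenticated request receives the stored data over HTTPS just as it would over HTTP unless the application itself demands credentials. The handler names, the credentials and the sample record are constructed for illustration.

```python
import base64
import hmac
from wsgiref.util import setup_testing_defaults

# Constructed sample data and credentials, for this example only.
REGISTRATIONS = b"acct=00000000;company=Example Ltd\n"
USER, PASSWORD = "partner", "constructed-example-password"


def open_page(environ, start_response):
    """Serves the stored data to anyone who asks, whatever the transport."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [REGISTRATIONS]


def require_basic_auth(app):
    """Wrap a WSGI app so every request must carry valid HTTP Basic credentials."""
    expected = b"Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode())

    def guarded(environ, start_response):
        supplied = environ.get("HTTP_AUTHORIZATION", "").encode("latin-1")
        # Constant-time comparison avoids leaking how much of the value matched.
        if not hmac.compare_digest(supplied, expected):
            start_response("401 Unauthorized",
                           [("WWW-Authenticate", 'Basic realm="registrations"'),
                            ("Content-Type", "text/plain")])
            return [b"authentication required\n"]
        return app(environ, start_response)

    return guarded


def fetch(app, scheme, authorization=None):
    """Call a WSGI app in-process as if the request had arrived over `scheme`."""
    environ = {"wsgi.url_scheme": scheme}  # "https" = the transport was encrypted
    setup_testing_defaults(environ)        # fills in the remaining required keys
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    body = b"".join(app(environ, start_response))
    return seen["status"], body
```

Calling `fetch(open_page, "https")` returns the record to an anonymous caller, while `fetch(require_basic_auth(open_page), "https")` returns a 401 until valid credentials are supplied.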

