Re: Should login pages be protected by SSL? (and comment to moderator)

[Amir Herzberg <herzbea () macs biu ac il>]

Andrew van der Stock wrote:
> On page two, it says for clients / card holders / admins / POS / ATM  
> they state:
>
> "1 Network (e.g. Internet) – must have authentication and encrypted  
> communication to web and/or application server"
>
> I don't think they get much clearer than that. MUST to my standards  
> jaundiced eye means "no exceptions". AND means both authentication  and 
> encryption at the same time. So basically, I think that covers  off SSL 
> logins - in my book, Visa / MC require it for Internet  websites - no 
> exceptions.
Thanks - that's pretty clear, I must have missed it... Can you please 
resend me the original document, I may have erased it by mistake?

thanks, Amir Herzberg
> thanks,
> Andrew
>
> ps. On the bounces, ezmlm should remove them automatically after 5  
> days. But if it doesn't get better, I'll hassle the Symantec admin  
> staff to help me as I can't always see who the bounces are.
Thanks! And sorry - I didn't notice you are also the moderator... Honest 
mistake.
--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com

New: see my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame.html