[ic] DIrty dirty hack... can i get some feedback?

Jim Balcom interchange-users@interchange.redhat.com
Wed Oct 3 20:15:00 2001


On Thu, 4 Oct 2001, Andrew McBeath wrote:

AM>>If you are going to transfer session data like this, what problems are
AM>>looming in the background, and assuming it can be done with reasonable
AM>>security (i.e. not vulnerable to passing random session id's in the
AM>>query string for example)...I feel it's worth the $125 US each customer
AM>>is going to save not having to buy a certificate from Thawte.

I was able to get SSL sessions transferring from one (non-SSL) domain name
to a (SSL) domain name. Internet Explorer did not like this, although my
then current version of Netscape did not bitch about it. IE popped up  a
warning message telling the caller that they were being transferred to a
different site and they they needed to be careful.

Now, I've got customers that even with 128-bit security are refusing to put
their CC# into a totally secure set-up. People are going to run away,
screaming, from a warning message that they are being diverted.

AM>>What do you guys reckon about this?

I assume that you are going to use Interchange to make money with. Getting
an SSL Cert is just another cost of doing business, like buying another
computer, like paying for telephone lines, like paying for a DSL or T-1
service.

Don't do anything that will scare your customers. Scare them and they will
run away - quickly. Give them confidence and they will buy from you, again
and again!

Don't be cheap!

-= Jim =-

----------------------------------------------------------------
Jim's Linux-Operated Underground Bomb Shelter

Tagline for Wednesday, October 03, 2001 at 20:05 PM:
Plankton lobbyist: "NUKE THE WHALES!"

----------------------------------------------------------------
This Linux System has been up 218 hours

My web page: http://www.idk-enterprises.com
----------------------------------------------------------------