[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] For you webhosting providers--OT: SSL certs

Subject: RE: [cobalt-security] For you webhosting providers--OT: SSL certs
From: "Sean Ward" <planxty@xxxxxxxx>
Date: Fri, 16 Aug 2002 11:13:21 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

You might consider GeoTrust(.com) for the cert as well.

As long as we're off topic, make sure to add client and server side
validation for the account signup form. 

I'm not sure why you have an IP address in a hidden field, but you can
ensure submissions come from your site by validating the header
server-side when the form is submitted.

Also, check the paths in the code. Probably shouldn't see things like
this: src=file:///M|/images/spacer.gif

HTH

Sean 



-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of David
Smulsky
Sent: Friday, August 16, 2002 9:26 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] For you webhosting providers

Thanks, dave :)

Yeah I am looking for a SSL cert, to bad vergisign wants like 400$ :(

any other options?

Dave(2)
----- Original Message -----
From: "Mailing Lists" <listonly@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, August 16, 2002 9:15 AM
Subject: Re: [cobalt-security] For you webhosting providers


> on 8/16/02 7:56 AM, David Smulsky stated:
>
> > What the hell did that mean, Eugene?
> >
> > I know what it means, but why so aggressive...
> >
> > Dave
>
> >>
> >>> my hosting company is based from a direct mailing company, so we
have
> > more
> >>> then the capabilities to launch HUGE marketing direct mail
campaigns
:)
> >>
> >> Let us know your IP range whan you get your T1.  We'll instantly
put it
> >> in our reject lists :-(
> >>
>
> I think he feels that you are going to be spamming, which reading your
> message doesn't state that at all. Direct mail and email are 2
different
> things. Some on the list have an aversion to Spam or questions they
feel
are
> below them. Ignore them and donate and ask questions when you need
help or
> have answers. Most of us here are always willing to help. Others just
like
> to stir the campfire.
>
> One note, you need to be doing SSL on your signup page for credit card
info.
>
> Good luck on your new business.
>
> Dave (the real Dave, accept no imitations:)
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>


_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

References:
- Re: [cobalt-security] For you webhosting providers
  - From: David Smulsky

Prev by Date: RE: [cobalt-security] For you webhosting providers
Next by Date: RE: [cobalt-security] Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED!
Previous by thread: RE: [cobalt-security] For you webhosting providers
Next by thread: RE: [cobalt-security] For you webhosting providers

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index