On 8/2/2010 8:56 AM, Istace Emmanuel wrote:
" Should I be worried about banking transactions or credit card orders?"
Yeah :(
" You could use any kind of VPN you want with the remote site. Use an IPSEC
tunnel between hosts if you don't trust SSL. Or OpenVPN with blowfish."
No, because the SVN is on a SaaS cloud, so we just have access to the
service and not the system. So we can't install a VPN server and remember,
vpn and ipsec use SSL. Search on google about SSL Spoofing ;)
Can you point me to something specific? I see things about spoofing
some other site's certificate and some things about specific
implementations being subject to man-in-the-middle attacks but nothing
that looks like a generic weakness. If you are concerned about your
service provider (who would have the best opportunity to arrange a
man-in-the-middle connection), maybe you should use someone else - or a
service that lets you run your own system images where you could set up
a blowfish-based vpn.
--
Les Mikesell
lesmikes...@gmail.com
